Latests QuickTime Exploit targets both Macs and PCs

A US-based security researcher has published a single piece of code that can remotely compromise both PCs and Macs as long as they are running Apple's QuickTime media player.

The exploit is at least the fourth to target a newly discovered security flaw in the way QuickTime interacts with servers that stream audio and video. Up until now, the exploits have only targeted machines running Windows operating systems, but Lorenzo Hernandez, the researcher who prefers to go by the name Larry, says his exploit also targets Tiger and Leopard versions of OS X running on both Intel-made processors or older machines that use the PowerPC chip. "Our intention was to provide a highly educational exploit," Larry told El Reg. "We are trying to expose and show exploitation techniques for OS X

View: The full story @ The Reg

Report a problem with article
Previous Story

SSDs to Reach Portable Devices in 2008

Next Story

Samsung rolls out coolest 1TB drive

31 Comments

View more comments

betasp said,
If you own a Mac, it still requires you to input your password to install the "codec."

UAC would stop this on Vista, too. The problem is all the dummies out there that would click anyway.

Apple products are not subject to any exploits whatsoever, so i don't believe this for a second.
it does make sense that it affects PCs, because they're inherently inferior to apple products due to the fact that they cost much less for better performance/dollar ratio.

/apple fanboy ignorance


but seriously though, it seems like a lot of security and general bug issues have been affecting apple products as of late. i hope they can get their act together and get things fixed or they may be at risk of losing some potential customers, as well as existing ones. although somehow i have a feeling that the apple fanboys will somehow try to justify this by saying they never screwed up before so they deserve a break this time, or another scenario is that the fanboys will somehow try to place blame on Vista, like all their retarded and false (albeit sometimes dryly funny) tv ads.

Here is the result of this for Macs. I'm not sure why the news poster didn't notice this article on the SAME site.

http://www.theregister.co.uk/2007/10/31/in...ild_osx_trojan/

"The noteworthy part is that someone is targeting the [Mac] OS," said Randy Abrams, a security researcher at antivirus software provider Eset. "This may mean that the OS is beginning to gain enough users to be attractive to attackers."

When Mac users try to view some videos, the site feeds them a page that says QuickTime is unable to play the file unless a special codec is installed first. If the user proceeds, a form of DNSChanger is installed that hijacks some web requests sent to eBay, PayPal and some banking websites, according to this write-up from Intego.

This STILL requires the user to input a password to install the "Codec."

betasp said,

This STILL requires the user to input a password to install the "Codec."


So no moron that owns a mac is going to think, "Hey, I can't get infected. There are no viruses or exploits for my Mac. I'll go ahead and enter my password."

You don't think anyones going to do it? I do.

betasp said,

This STILL requires the user to input a password to install the "Codec."

ok fair enough, now give us a legitimate reason why you woudl even not consider installing a codec if you want to play something, 99% of people will go yeah i wanna play that give me the codec.

and yeah as stated earlier same applies to vista so get off your high horse and stop tryingto defend apples mistakes, its only when there users start holding them accountable that they will hange

Could someone please explain to me why Apple doesn't just make quicktime a codec and ditch the media player thing... that way we dont have to install the whole media player on windows....

neufuse said,
Could someone please explain to me why Apple doesn't just make quicktime a codec and ditch the media player thing... that way we dont have to install the whole media player on windows....

there are alternatives, i havn't touched quicktime in years

LTD said,
People who think "Apple isn't anything special, it's all marketing" are people who've never actually used an Apple product.

In the immortal words of Marvin the Paranoid Android, "I've seen it... it's rubbish." If you like it, that's your right.

LTD for once just shut up. We are all so sick of your pro-Apple garbage. I use OS X and like Apple but for **** sake you take it to a whole other level. QuickTime is the software equivalent of swiss cheese and you know it.

Posts like LTD are unfortunate. They continues to perpetuate the elitist attitude that Apple and its users need to get rid of. Some are great wealths of information, but the attitude dilutes their voice. And trying to tell others how great OS X is by being snide doesn't help. Not to mention, some anti-Apple people will refuse to accept facts no matter what. So why even bother?

I love my MacBook Pro, much more so than my Dell. But Apple is a company. They make products we buy. They're out to make money. Just like Microsoft. Unless you work for Apple or Microsoft, why are you defending or supporting them so vigorously? I bought my Mac because I liked the product. If someone else thinks I'm an idiot for buying an overpriced laptop, fine. I really don't care and they missed the point. I'm happy with my overpriced laptop, that is what's important.

well i fit the first bit "Apple isn't anything special, it's all marketing" i used adn admined macs for about a year, so second point is just wrong

an OS used by over 25 million of the richest and best-educated people, richest yeah, because u need to be rich to even own one. but please don't quote cnet BS as truth

"in the wild" you didn't mention fully patched though, even though i am gald you say in the wild nowdays, but really that always makes me laugh how proof of concept viruses just dont count with mac fanboys

security by obscurity, must be true casue guess what , more poelp using macs and more vulnerabilites being found, hard to believe what you say when the bugs speak for themsleves,

even you have to realise apple no longer 'just works'

i've used quicktime: it sucked (on both windows and mac)
itunes on windows: sucked
safari on windows: sucked

I'm not arguing that os x is a good OS, but as a software developer i have no use for it. And people like you make me vomit.

Cool, both the Windows XP workstation and the Mac sitting on my desk can suffer the same fate! I wouldn't be in this boat if Adobe design suites didn't require Quicktime to be installed. If it weren't for that fact, for once Windows wouldn't be the one cringing in the corner waiting for the boot to be thrown at it. I now know why both computers were sitting in the corner whining this morning when I walked into the office. They're both waiting to hear from Apple about the magical download that will end their fears.

Well, I can't argue that OS X is "Built on a more secure model". It is. Built on a Unix base is a great idea. Too bad "most" of the software I use does not work on a mac, unless it's running Windows...and to me that kinda defeats the point of buying an Apple computer.

I've been reading about various exploits on Macs. Some day it will happen. Once you're infected, how will you know?

Commenting is disabled on this article.