Latest QuickTime Exploit targets both Macs and PCs

A US-based security researcher has published a single piece of code that can remotely compromise both PCs and Macs as long as they are running Apple's QuickTime media player.

The exploit is at least the fourth to target a newly discovered security flaw in the way QuickTime interacts with servers that stream audio and video. Up until now, the exploits have only targeted machines running Windows operating systems, but Lorenzo Hernandez, the researcher who prefers to go by the name Larry, says his exploit also targets Tiger and Leopard versions of OS X running on both Intel-made processors and older machines that use the PowerPC chip. "Our intention was to provide a highly educational exploit," Larry told El Reg. "We are trying to expose and show exploitation techniques for OS X

View: The full story @ The Reg


31 Comments


Cool, both the Windows XP workstation and the Mac sitting on my desk can suffer the same fate! I wouldn't be in this boat if Adobe design suites didn't require Quicktime to be installed. If it weren't for that fact, for once Windows wouldn't be the one cringing in the corner waiting for the boot to be thrown at it. I now know why both computers were sitting in the corner whining this morning when I walked into the office. They're both waiting to hear from Apple about the magical download that will end their fears.

Could someone please explain to me why Apple doesn't just make quicktime a codec and ditch the media player thing... that way we don't have to install the whole media player on windows....

neufuse said,
Could someone please explain to me why Apple doesn't just make quicktime a codec and ditch the media player thing... that way we don't have to install the whole media player on windows....

there are alternatives, i haven't touched quicktime in years

Here is the result of this for Macs. I'm not sure why the news poster didn't notice this article on the SAME site.

http://www.theregister.co.uk/2007/10/31/in...ild_osx_trojan/

"The noteworthy part is that someone is targeting the [Mac] OS," said Randy Abrams, a security researcher at antivirus software provider Eset. "This may mean that the OS is beginning to gain enough users to be attractive to attackers."

When Mac users try to view some videos, the site feeds them a page that says QuickTime is unable to play the file unless a special codec is installed first. If the user proceeds, a form of DNSChanger is installed that hijacks some web requests sent to eBay, PayPal and some banking websites, according to this write-up from Intego.

This STILL requires the user to input a password to install the "Codec."

betasp said,

This STILL requires the user to input a password to install the "Codec."


So no moron that owns a mac is going to think, "Hey, I can't get infected. There are no viruses or exploits for my Mac. I'll go ahead and enter my password."

You don't think anyone's going to do it? I do.

betasp said,

This STILL requires the user to input a password to install the "Codec."

ok fair enough, now give us a legitimate reason why you would even not consider installing a codec if you want to play something, 99% of people will go yeah i wanna play that give me the codec.

and yeah as stated earlier same applies to vista so get off your high horse and stop trying to defend apple's mistakes, it's only when their users start holding them accountable that they will change

Apple products are not subject to any exploits whatsoever, so i don't believe this for a second.
it does make sense that it affects PCs, because they're inherently inferior to apple products due to the fact that they cost much less for better performance/dollar ratio.

/apple fanboy ignorance


but seriously though, it seems like a lot of security and general bug issues have been affecting apple products as of late. i hope they can get their act together and get things fixed or they may be at risk of losing some potential customers, as well as existing ones. although somehow i have a feeling that the apple fanboys will somehow try to justify this by saying they never screwed up before so they deserve a break this time, or another scenario is that the fanboys will somehow try to place blame on Vista, like all their retarded and false (albeit sometimes dryly funny) tv ads.

i assume these are fairly easy to exploit?

cause if you can get your pc compromised by just visiting a site that uses quicktime video... this is a pretty serious flaw. if it gets to the point where it's real serious i might have to disable quicktime somehow.

betasp said,
If you own a Mac, it still requires you to input your password to install the "codec."

UAC would stop this on Vista, too. The problem is all the dummies out there that would click anyway.

ajua said,
i think it has already become that. too many security flaws.

It's been a bloated POS for as long as I can remember. I particularly hated the way it displayed an icon in your system tray for no bloody reason.

Have I been missing something, or have there been a lot more security problems and bugs (general bugs) with a lot of Apple's products being found and disclosed lately?