- Joined
- Mar 5, 2002
- Messages
- 25,739
- Reaction score
- 1,204
Not very long ago we posted about fixed vulnerabilities in QuickTime. Now another vulnerability has been discovered, this time in the way QuickTime handles the RTSP Content-Type header. RTSP is a protocol used to stream media. Unfortunately there's public exploit code available and no patch yet from Apple.
The team over at US-CERT has posted some workarounds such as disabling the QuickTime ActiveX Controls, blocking RTSP. If you do the registry changes, make sure you revert them once you have installed the coming patch or else you won't be able to view any streaming QuickTime media.
Additional Notes: Symantec has some excellent analysis located here. They found that this exploit crashes the ActiveX Control in IE. Firefox on the other hand passes off the QuickTime request directly to QuickTime Player. So Firefox users may therefore be more vulnerable, not because of the browser itself, but because Firefox will move the exploit directly to its intended platform.
Also, while this exploit allows remote code execution and is potentially quite severe, it's not in the wild at the moment. There is however a very good chance of that changing as QuickTime is one of a growing number of popular third-party applications targeted by the bad guys.
The team over at US-CERT has posted some workarounds such as disabling the QuickTime ActiveX Controls, blocking RTSP. If you do the registry changes, make sure you revert them once you have installed the coming patch or else you won't be able to view any streaming QuickTime media.
Additional Notes: Symantec has some excellent analysis located here. They found that this exploit crashes the ActiveX Control in IE. Firefox on the other hand passes off the QuickTime request directly to QuickTime Player. So Firefox users may therefore be more vulnerable, not because of the browser itself, but because Firefox will move the exploit directly to its intended platform.
Also, while this exploit allows remote code execution and is potentially quite severe, it's not in the wild at the moment. There is however a very good chance of that changing as QuickTime is one of a growing number of popular third-party applications targeted by the bad guys.