Menu
Hacker posts QuickTime zero-day attack code

Hacker posts QuickTime zero-day attack code

Exploit public just a week after Apple fixes nine other bugs

A hacker has released attack code that exploits an unpatched vulnerability in Apple's QuickTime, just a week after the company updated the media player to plug nine other serious vulnerabilities, a security researcher said Wednesday.

The exploit, which was published on the milw0rm.com site Tuesday, takes advantage of a flaw in the "<? quicktime type= ?>" parameter in QuickTime, which is not prepared to handle excessively-long strings, said Aaron Adams, a researcher with Symantec's DeepSight threat notification network.

"Symantec is currently investigating this flaw further to determine the underlying technical details," said Adams in a research note Wednesday.

In its present form, the exploit triggers a QuickTime crash, but it may be more serious. "The exploit suggests that code execution may be possible," Adams added, "[and] if this flaw were to allow arbitrary code to run, it may pose a significant risk, because attackers may be able to exploit the issue by embedding a malicious file into a site."

The anonymous hacker who posted the attack code was just as uncertain as Symantec of the exploit's power. "Code execution may be possible," the milw0rm.com entry read.

Adams had little advice for users beyond urging them to be wary while browsing and to consider disabling the QuickTime plug-in, which is commonly found on Windows machines and installed by default on all Macs.

Last week, Apple updated QuickTime to 7.5.5 to patch nine other vulnerabilities, eight of which were tagged with the "arbitrary code execution" phrase that Apple uses to describe the most serious threats.

Apple has updated the player five times since the beginning of this year, and fixed more than 30 flaws in the process.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags quicktime

Featured

Slideshows

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Meet the winners of the 2020 Reseller News Innovation Awards

Meet the winners of the 2020 Reseller News Innovation Awards

Reseller News honoured the standout players of the New Zealand channel in front of more than 500 technology leaders in Auckland on 21 October, recognising the achievements of top partners, start-ups, vendors, distributors and individuals.

Meet the winners of the 2020 Reseller News Innovation Awards
Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Show Comments