AfterDawn: Tech news

Security analysts warn of QuickTime exploit

Written by Rich Fiscus (Google+) @ 25 Nov 2007 18:41 User comments (12)

Security analysts warn of QuickTime exploit Security analysts are warning that a bug in Apple's QuickTime threatens to allow hackers to install malware on computers running Windows XP or Vista or even get a list of passwords from the target computer.
According to Symantec analyst Anthony Roe, the flaw is more easily exploited in Vista than it would be under normal circumstances because Apple developers failed to take advantage of a Vista feature called Address Space Layout Randomization (ASLR). ASLR allows Windows Vista to load binaries (like quicktime) into memory in random locations, making it harder for an attacker to identify a particualar piece of code among all the other data stored in memory.

Another Symantec researcher, Patrick Jungles, added that QuickTime vulnerabilities usually draw attackers quickly. "In the past, we have seen a very short period of time between the release of proof-of-concept exploits for QuickTime vulnerabilities and the development of working exploits by attackers," said Jungles in a note to customers of his company's DeepSight threat network. "Popular applications such as QuickTime are strong candidates for exploitation in the wild."

Source: Computerworld

Previous Next  

12 user comments

125.11.2007 20:48
furchtlos
Inactive

better be careful then.

225.11.2007 20:58
duckNrun
Inactive

$10 says that the fanboys will be saying this is a MS issue and St Jobs' code is as pure as snow and can't be faulted

325.11.2007 23:10

its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funny

426.11.2007 3:01
duckNrun
Inactive

Originally posted by mediabob:
its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funny
lol

I use what I use because I use it, which btw is XP. I have looked at and considered Linux on my next PC for all my 'on the web' usuage for security and whatnot. Of course I would still be windows native for my gaming.

That being said I have never had a problem with XP being malware or virus infested. The few times I did catch something was due to my own actions while I was 'off roading' on the net.

If I could grab a copy of Tiger or Leopard or whatever it is now I would gladly give it a spin and if I liked it I would probably keep it. I'm just not willing to 'upgrade' my system to the Jobs Mob

526.11.2007 6:42
ali2007
Inactive

i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

highly recommened people to use it

626.11.2007 6:46
ali2007
Inactive

i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

highly recommened people to use it

726.11.2007 10:44

Does anybody really even use Quicktime anymore?
I mean, come on guys, Windows 98 is not gonna cut it forever.

826.11.2007 11:46

Originally posted by xSModder:
Does anybody really even use Quicktime anymore?
I mean, come on guys, Windows 98 is not gonna cut it forever.
Yes, there are current XP apps that require the user to install the latest Quicktime. The Total Training series for example. I use their Advanced Photoshop and Illustrator training. That's just 1 example. I'm sure other members can think of a few more.

926.11.2007 13:09

You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

Do people really get Quicktime PRO?
I mean, why bother spending even 5 dollars, let alone a 1 minute download?
It's just dumb in my opinion.
And for the programs that require this ungodly add-on...I think it's time they make the switch.

1027.11.2007 6:31

Originally posted by xSModder:
You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

Do people really get Quicktime PRO?
I mean, why bother spending even 5 dollars, let alone a 1 minute download?
It's just dumb in my opinion.
And for the programs that require this ungodly add-on...I think it's time they make the switch.
Yeah, I wish Total Training would use something else. I wouldn't pay for Quicktime as a standalone app. It's unfortunate that I have it on my PC. But I haven't found any training series as good as theirs.

1130.11.2007 7:29

A news flash for xSModder...

If you have iTunes installed on your PC you have QT running. Because QT is a memory hog and takes so long to load, Apple loads QT at startup! That is Apples solution to crappy software. Apple doesn't care if you never use it or can't use it becase your iPod can not play videos. They figure you are too stupid to figure it out where your memory got to. I guess it works for 99.9% of the population.

This message has been edited since its posting. Latest edit was made on 30 Nov 2007 @ 7:34

1220.12.2007 6:30

Well would it not be better to get rid of the software all together if this is the case every couple of months or every year wats going on.

Comments have been disabled for this article.

News archive