Rich Fiscus
25 Nov 2007 18:41
Security analysts are warning that a bug in Apple's QuickTime threatens to allow hackers to install malware on computers running Windows XP or Vista or even get a list of passwords from the target computer.
According to Symantec analyst Anthony Roe, the flaw is more easily exploited in Vista than it would be under normal circumstances because Apple developers failed to take advantage of a Vista feature called Address Space Layout Randomization (ASLR). ASLR allows Windows Vista to load binaries (like quicktime) into memory in random locations, making it harder for an attacker to identify a particualar piece of code among all the other data stored in memory.
Another Symantec researcher, Patrick Jungles, added that QuickTime vulnerabilities usually draw attackers quickly. "In the past, we have seen a very short period of time between the release of proof-of-concept exploits for QuickTime vulnerabilities and the development of working exploits by attackers," said Jungles in a note to customers of his company's DeepSight threat network. "Popular applications such as QuickTime are strong candidates for exploitation in the wild."
Source: Computerworld