AfterDawn: Tech news
AfterDawn > News > Security analysts warn of QuickTime exploit

Security analysts warn of QuickTime exploit

Written by Rich Fiscus @ 25 Nov 2007 6:41 User comments (12)

Security analysts warn of QuickTime exploit Security analysts are warning that a bug in Apple's QuickTime threatens to allow hackers to install malware on computers running Windows XP or Vista or even get a list of passwords from the target computer.
According to Symantec analyst Anthony Roe, the flaw is more easily exploited in Vista than it would be under normal circumstances because Apple developers failed to take advantage of a Vista feature called Address Space Layout Randomization (ASLR). ASLR allows Windows Vista to load binaries (like quicktime) into memory in random locations, making it harder for an attacker to identify a particualar piece of code among all the other data stored in memory.

Another Symantec researcher, Patrick Jungles, added that QuickTime vulnerabilities usually draw attackers quickly. "In the past, we have seen a very short period of time between the release of proof-of-concept exploits for QuickTime vulnerabilities and the development of working exploits by attackers," said Jungles in a note to customers of his company's DeepSight threat network. "Popular applications such as QuickTime are strong candidates for exploitation in the wild."



Source: Computerworld

<Sony once again denies PSP phone >iPhone too expensive in the UK, reveals study
Previous Next  

12 user comments

125.11.2007 20:48
furchtlos
Inactive

better be careful then.

225.11.2007 20:58
duckNrun
Inactive

$10 says that the fanboys will be saying this is a MS issue and St Jobs' code is as pure as snow and can't be faulted

325.11.2007 23:10
mediabob
Send private message to this user
Member

its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funny

426.11.2007 03:01
duckNrun
Inactive

Originally posted by mediabob:
 its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funny
lol

I use what I use because I use it, which btw is XP. I have looked at and considered Linux on my next PC for all my 'on the web' usuage for security and whatnot. Of course I would still be windows native for my gaming.

That being said I have never had a problem with XP being malware or virus infested. The few times I did catch something was due to my own actions while I was 'off roading' on the net.

If I could grab a copy of Tiger or Leopard or whatever it is now I would gladly give it a spin and if I liked it I would probably keep it. I'm just not willing to 'upgrade' my system to the Jobs Mob

526.11.2007 06:42
ali2007
Inactive

i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

highly recommened people to use it

626.11.2007 06:46
ali2007
Inactive

i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

highly recommened people to use it

726.11.2007 10:44
xSModder
Send private message to this user
Junior Member

Does anybody really even use Quicktime anymore?
I mean, come on guys, Windows 98 is not gonna cut it forever.

826.11.2007 11:46
emugamer
Inactive

Originally posted by xSModder:
 Does anybody really even use Quicktime anymore?
I mean, come on guys, Windows 98 is not gonna cut it forever.
Yes, there are current XP apps that require the user to install the latest Quicktime. The Total Training series for example. I use their Advanced Photoshop and Illustrator training. That's just 1 example. I'm sure other members can think of a few more.

926.11.2007 13:09
xSModder
Send private message to this user
Junior Member

You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

Do people really get Quicktime PRO?
I mean, why bother spending even 5 dollars, let alone a 1 minute download?
It's just dumb in my opinion.
And for the programs that require this ungodly add-on...I think it's time they make the switch.

1027.11.2007 06:31
emugamer
Inactive

Originally posted by xSModder:
 You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

Do people really get Quicktime PRO?
I mean, why bother spending even 5 dollars, let alone a 1 minute download?
It's just dumb in my opinion.
And for the programs that require this ungodly add-on...I think it's time they make the switch.
Yeah, I wish Total Training would use something else. I wouldn't pay for Quicktime as a standalone app. It's unfortunate that I have it on my PC. But I haven't found any training series as good as theirs.

1130.11.2007 07:29
Mez
Send private message to this user
AfterDawn Addict

A news flash for xSModder...

If you have iTunes installed on your PC you have QT running. Because QT is a memory hog and takes so long to load, Apple loads QT at startup! That is Apples solution to crappy software. Apple doesn't care if you never use it or can't use it becase your iPod can not play videos. They figure you are too stupid to figure it out where your memory got to. I guess it works for 99.9% of the population.

This message has been edited since its posting. Latest edit was made on 30 Nov 2007 @ 7:34

1220.12.2007 06:30
borhan9
Send private message to this user
AfterDawn Addict

Well would it not be better to get rid of the software all together if this is the case every couple of months or every year wats going on.

Comments have been disabled for this article.

Latest news

Netflix to start airing TV broadcasts Netflix to start airing TV broadcasts (19 Jun 2025 6:39)
Netflix will start airing linear TV broadcasts within its apps by summer 2026. Netflix and French media company TF1 announced the partnership, which will also bring TF1's on-demand content to French Netflix users.
1 user comment
Android 16 officially released Android 16 officially released (10 Jun 2025 4:06)
Google has officially rolled out the stable version of the Android 16 operating system in June 2025.
6 user comments
AfterDawn's 26th birthday AfterDawn's 26th birthday (10 Jun 2025 12:37)
Our little site, AfterDawn, had its 26th birthday on 10th of June, 2025.
EU to launch age verification app, mandatory for porn sites EU to launch age verification app, mandatory for porn sites (02 Jun 2025 3:28)
European Union is set to launch an age verification app by October 2025. Age verification uses so-called strong digital user authentication and it is required in order to access the largest adult websites.
EU: Mandatory 5 year update commitment for phones EU: Mandatory 5 year update commitment for phones (30 May 2025 2:51)
European Union requires phone manufacturers to provide software updates for minimum of 5 years for all their phones, starting from June, 2025.

Reviews

Roborock Saros 10 review - Great, but not perfect Roborock Saros 10 review - Great, but not perfect
We tested Roborock Saros 10 robot vacuum for more than two months in order to see whether it is really worth its hefty price tag. The mopping, self-emptying Saros 10 was mostly great, even perfect. But its object avoidance was bit disappointing.
1 user comment
Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum
We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.
Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging
In our review, we take a look at Sharge's power bank that supports OnePlus SuperVOOC quick charging technology as well as standard USB PD charging. It has small design flaws, but despite those, the Pouch is very nice product.
1 user comment

Guides

Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix
Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems.
1 user comment
What happens if you don't update Android? What happens if you don't update Android?
Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
What IP rating for dust and water resistance means What IP rating for dust and water resistance means
An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean?
1 user comment
Guide: Phone battery drains quickly - how to fix (iPhone / Android) Guide: Phone battery drains quickly - how to fix (iPhone / Android)
In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
Does your phone rattle? Here's why it happens Does your phone rattle? Here's why it happens
When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should.
2 user comments

News archive

Sections:

Follow us:

© 1999-2025 AfterDawn Oy. All rights reserved
Back to Top ⇧
AfterDawn is powered by Powered by UpCloud