Security analysts warn of QuickTime exploit

Written by Rich Fiscus @ 25 Nov 2007 6:41 User comments (12)

Security analysts are warning that a bug in Apple's QuickTime threatens to allow hackers to install malware on computers running Windows XP or Vista or even get a list of passwords from the target computer.

According to Symantec analyst Anthony Roe, the flaw is more easily exploited in Vista than it would be under normal circumstances because Apple developers failed to take advantage of a Vista feature called Address Space Layout Randomization (ASLR). ASLR allows Windows Vista to load binaries (like quicktime) into memory in random locations, making it harder for an attacker to identify a particualar piece of code among all the other data stored in memory.

Another Symantec researcher, Patrick Jungles, added that QuickTime vulnerabilities usually draw attackers quickly. "In the past, we have seen a very short period of time between the release of proof-of-concept exploits for QuickTime vulnerabilities and the development of working exploits by attackers," said Jungles in a note to customers of his company's DeepSight threat network. "Popular applications such as QuickTime are strong candidates for exploitation in the wild."

Source: Computerworld

<Sony once again denies PSP phone >iPhone too expensive in the UK, reveals study

12 user comments

125.11.2007 20:48

furchtlos

Inactive

better be careful then.

225.11.2007 20:58

duckNrun

Inactive

$10 says that the fanboys will be saying this is a MS issue and St Jobs' code is as pure as snow and can't be faulted

325.11.2007 23:10

mediabob

Send private message to this user

Member

its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funny

426.11.2007 03:01

duckNrun

Inactive

Originally posted by mediabob:
its a conspiracy! apple wants the hackers to destroy xp and vista!!!!!!!!!! hahahah. im completely impartial between windows and os x. i thought itd be funny

lol

I use what I use because I use it, which btw is XP. I have looked at and considered Linux on my next PC for all my 'on the web' usuage for security and whatnot. Of course I would still be windows native for my gaming.

That being said I have never had a problem with XP being malware or virus infested. The few times I did catch something was due to my own actions while I was 'off roading' on the net.

If I could grab a copy of Tiger or Leopard or whatever it is now I would gladly give it a spin and if I liked it I would probably keep it. I'm just not willing to 'upgrade' my system to the Jobs Mob

526.11.2007 06:42

ali2007

Inactive

i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

highly recommened people to use it

626.11.2007 06:46

ali2007

Inactive

i usually use comodo firewall on xp and vista which usually keeps me off malware and viruses and connects to only website i want to connect.

highly recommened people to use it

726.11.2007 10:44

xSModder

Send private message to this user

Junior Member

Does anybody really even use Quicktime anymore?
I mean, come on guys, Windows 98 is not gonna cut it forever.

826.11.2007 11:46

emugamer

Inactive

Originally posted by xSModder:
Does anybody really even use Quicktime anymore?
I mean, come on guys, Windows 98 is not gonna cut it forever.

Yes, there are current XP apps that require the user to install the latest Quicktime. The Total Training series for example. I use their Advanced Photoshop and Illustrator training. That's just 1 example. I'm sure other members can think of a few more.

926.11.2007 13:09

xSModder

Send private message to this user

Junior Member

You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

Do people really get Quicktime PRO?
I mean, why bother spending even 5 dollars, let alone a 1 minute download?
It's just dumb in my opinion.
And for the programs that require this ungodly add-on...I think it's time they make the switch.

1027.11.2007 06:31

emugamer

Inactive

Originally posted by xSModder:
You know, there are quicktime alternatives. I mean, sure, the codec is still used, but there are other players and such. And if it comes integrated or bundled, I'd say it's likely a piece of crap and they're just trying to get it out there.

Do people really get Quicktime PRO?
I mean, why bother spending even 5 dollars, let alone a 1 minute download?
It's just dumb in my opinion.
And for the programs that require this ungodly add-on...I think it's time they make the switch.

Yeah, I wish Total Training would use something else. I wouldn't pay for Quicktime as a standalone app. It's unfortunate that I have it on my PC. But I haven't found any training series as good as theirs.

1130.11.2007 07:29

Mez

Send private message to this user

AfterDawn Addict

A news flash for xSModder...

If you have iTunes installed on your PC you have QT running. Because QT is a memory hog and takes so long to load, Apple loads QT at startup! That is Apples solution to crappy software. Apple doesn't care if you never use it or can't use it becase your iPod can not play videos. They figure you are too stupid to figure it out where your memory got to. I guess it works for 99.9% of the population.

This message has been edited since its posting. Latest edit was made on 30 Nov 2007 @ 7:34

1220.12.2007 06:30

borhan9

Send private message to this user

AfterDawn Addict

Well would it not be better to get rid of the software all together if this is the case every couple of months or every year wats going on.

Comments have been disabled for this article.

	VLC hits milestone: over 5 billion downloads (16 Mar 2024 4:31) VLC Media Player, the versatile video-software powerhouse, has achieved a remarkable feat: it has been downloaded over 5 billion times. 1 user comment
	Sideloading apps to Android gets easier, as Google settles its lawsuit (19 Dec 2023 11:09) Google settled its lawsuit in September 2023, and one of the settlement terms was that the way applications are installed on Android from outside the Google Play Store must become simpler. In the future, installing APK files will be easier. 8 user comments
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets (06 Jun 2023 9:19) Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
	Neato, the robot vacuum company, ends its operations (02 May 2023 3:38) Neato Robotics has ceased its operations. American robot vacuum pioneer founded in 2005 has finally called it quits and company will cease its operations and sales. Only a skeleton crew will remain who will keep the servers running until 2028. 5 user comments
	How to Send Messages to Yourself on WhatsApp (20 Mar 2023 1:25) The world's most popular messaging platform, Meta-owned WhatsApp has enabled sending messages to yourself. While at first, this might seem like an odd feature, it can be very useful in a lot of situations. .... 18 user comments

	Guide: Phone battery drains quickly - how to fix (iPhone / Android) In this guide, we go through the most typical reasons for rapid battery drain with phones, and look at potential reasons or solutions.
	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	Windows 11: Check if TPM is enabled on your computer In this short guide we will look at how you can check the status of Trusted Platform Module (TPM) on your PC ahead of the coming launch of Windows 11.
	HOWTO: Install Netflix App on rooted Android device 'This app is no longer compatible with your device. Contact the developers for more info.' If you are getting this message from Google Play when trying to install Netflix, then maybe this little guide can help you.
	Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems. 1 user comment

Security analysts warn of QuickTime exploit

12 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.
	Review: Samsung Jet Bot 90 AI+ - a high-end robot vacuum cleaner Samsung's Jet Bot 90 AI+ is a top-class robot vacuum cleaner that can avoid obstacles and empty its own dust container. Here we review the product. 1 user comment
	Samsung Jet Bot 80+ review - excellent robot vacuum cleaner We review Samsung's Jet Bot 80+ robot vacuum cleaner over a period of three months. 1 user comment