
QuickTime Falls Prey to Malicious Movies and Images

Severity: Medium

9 September, 2009

Summary:

• These vulnerabilities affect: QuickTime for OS X or Windows

• How an attacker exploits them: By enticing your user to click a malicious link or view a maliciously-crafted movie or image

• Impact: An attacker could execute code on your user’s computer, potentially gaining control of it

• What to do: Download and install QuickTime 7.6.4 for Windows or OS X (or use Apple’s Software Update tool)

Exposure:

Today, Apple released a security update to fix four vulnerabilities in QuickTime, its popular media player for both Windows and Mac OS X. The vulnerabilities differ technically, but all are buffer overflow or memory corruption flaws in the code that parses media files, and they share the same scope and impact. By luring one of your users into viewing a maliciously crafted movie or image file, an attacker can exploit one of the four flaws to execute code on that user’s computer (or, less worrisome, simply crash QuickTime). File types involved include MPEG-4, H.264, and FlashPix.

The flaws can be exploited on both Windows and OS X computers, but the consequences differ. An attacker who exploits them gains only the privileges of the logged-in user, because QuickTime runs in that user’s security context. OS X separates normal user privileges from root (administrative) privileges, so an attacker would need a separate privilege-escalation flaw to gain complete control of an OS X machine. Most Windows users, however, run with local administrative privileges, so on Windows an attacker could potentially leverage these flaws to gain complete control of the machine.
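The advisory does not say which code paths are flawed, but the class it names, a media parser that trusts a length field read from the file, is easy to show. The following is an added illustrative example, not Apple’s code and not the actual QuickTime bugs: a hypothetical QuickTime-style atom walker (each atom carries a 32-bit big-endian size followed by a four-character type) with the naive length computation beside a checked version, run over constructed sample atoms. The buffer size, atom contents and function names are all assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size destination buffer a naive parser might copy an atom payload into
 * (assumed for the example). */
#define PAYLOAD_CAP 64

enum atom_status { ATOM_OK = 0, ATOM_BAD_HEADER, ATOM_TRUNCATED, ATOM_TOO_BIG };

/* QuickTime atom header fields are 32-bit big-endian. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The mistake: trust the size field from the file.  This returns the number of
 * payload bytes a careless parser would memcpy into its PAYLOAD_CAP buffer.
 * Nothing bounds it by the buffer or by the bytes left in the file, and for a
 * declared size below 8 the subtraction wraps to nearly 4 GB.  The copy itself
 * is deliberately not performed here; performing it is the overflow. */
uint32_t naive_payload_len(const uint8_t *atom) {
    return be32(atom) - 8u;
}

/* Hardened version: validate the header against the real input length and the
 * destination capacity before copying anything.  'remaining' is the number of
 * bytes available from 'atom' to the end of the input.
 * (Real QuickTime also allows size 0 = "to end of file" and size 1 = 64-bit
 * extended size; this illustrative parser rejects both as bad headers.) */
enum atom_status parse_atom_checked(const uint8_t *atom, size_t remaining,
                                    uint8_t *out, size_t cap, size_t *out_len) {
    if (remaining < 8) return ATOM_TRUNCATED;        /* not even a full header */
    uint32_t declared = be32(atom);
    if (declared < 8) return ATOM_BAD_HEADER;        /* would wrap in declared - 8 */
    if (declared > remaining) return ATOM_TRUNCATED; /* would read past the input */
    size_t payload = declared - 8u;
    if (payload > cap) return ATOM_TOO_BIG;          /* would overflow 'out' */
    memcpy(out, atom + 8, payload);
    *out_len = payload;
    return ATOM_OK;
}

/* Convenience wrapper: parse one atom into a scratch buffer and report status. */
enum atom_status check_atom(const uint8_t *atom, size_t remaining) {
    uint8_t buf[PAYLOAD_CAP];
    size_t n = 0;
    return parse_atom_checked(atom, remaining, buf, sizeof buf, &n);
}

/* Walk a sequence of atoms; returns how many were accepted before the first
 * rejection (or the end of the input). */
size_t walk_atoms(const uint8_t *file, size_t len) {
    uint8_t buf[PAYLOAD_CAP];
    size_t count = 0, off = 0;
    while (off < len) {
        size_t n = 0;
        if (parse_atom_checked(file + off, len - off, buf, sizeof buf, &n) != ATOM_OK)
            break;
        count++;
        off += 8 + n;
    }
    return count;
}

/* Constructed sample inputs (not real files): a well-formed 'ftyp' + 'free'
 * pair, and three crafted headers of the kind a malicious movie would carry. */
const uint8_t GOOD_FILE[] = {
    0x00,0x00,0x00,0x10, 'f','t','y','p', 'q','t',' ',' ', 0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x08, 'f','r','e','e'
};
const uint8_t CRAFTED_UNDERFLOW[] = { 0x00,0x00,0x00,0x04, 'm','d','a','t' };
const uint8_t CRAFTED_HUGE[]      = { 0x7F,0xFF,0xFF,0xFF, 'm','d','a','t' };
/* Header claims 108 bytes and 100 really follow, but the payload exceeds PAYLOAD_CAP. */
const uint8_t CRAFTED_BIG[108]    = { 0x00,0x00,0x00,0x6C, 'm','d','a','t' };

int main(void) {
    printf("naive copy length for a size-4 atom: %u bytes\n",
           (unsigned)naive_payload_len(CRAFTED_UNDERFLOW));
    printf("checked: underflow=%d huge=%d big=%d good=%d\n",
           check_atom(CRAFTED_UNDERFLOW, sizeof CRAFTED_UNDERFLOW),
           check_atom(CRAFTED_HUGE, sizeof CRAFTED_HUGE),
           check_atom(CRAFTED_BIG, sizeof CRAFTED_BIG),
           check_atom(GOOD_FILE, sizeof GOOD_FILE));
    printf("atoms accepted in GOOD_FILE: %zu\n", walk_atoms(GOOD_FILE, sizeof GOOD_FILE));
    return 0;
}
```

The three crafted headers map to the three checks a parser of this kind needs: a size below the header length (integer wrap), a size larger than the data actually present (over-read), and a size that fits the file but not the destination buffer (overflow). Each of these is a file-supplied number, which is exactly why a crafted movie or image, rather than any network attack, is enough to reach the bug.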

Solution Path:

Apple has released QuickTime 7.6.4 to fix these security issues. Windows and OS X administrators should download, test, and deploy the appropriate update as soon as possible. By default, Apple’s download bundles iTunes with QuickTime, but because iTunes often has security issues of its own, we recommend that you select the option of downloading QuickTime alone.

For All Users:

Because QuickTime handles so many different media types (many of which are essential for doing business today), trying to block exploitable file types at your firewall may not be the best way to support your organization’s mission. Instead, your best solution is to download and install Apple’s fixes. Until you do, running Windows users under standard (non-administrator) accounts limits what a successful exploit can do, for the reasons described above.

Status:

Apple has released updates to fix these issues.

References:

• Apple’s September QuickTime advisory

This alert was researched and written by Corey Nachreiner, CISSP.
