If at first you don't succeed; call it version 1.0
Wednesday, 03 January 2007

A month ago, a vulnerability in QuickTime was exploited to spread a worm on MySpace. The vulnerability was first published by pdp. In his article, pdp describes how the HREFTrack attribute in .mov files can be used for malicious scripting. The MySpace worm abused this vulnerability as a cross-site scripting attack vector.

This MoAB issue shows that the same vulnerability can also be used in a cross-zone scripting attack which, in combination with other vulnerabilities, could allow remote execution of arbitrary code on the user's machine as well as disclosure of filesystem contents.

Proof-of-Concept code and more information can be found at MoAB #3.


Wednesday, 03 January 2007 22:38:19 UTC | Comments [2] | Security#
Thursday, 04 January 2007 08:12:55 UTC
Hate mail? Nah, I'm just confused, I hope you're not too ;-)
QuickTime has been vulnerable to CSS ever since href tracks
were included, what 10 years ago, v.3 or v.4? So are the Bad Guys
slow or stupid or what? My guess is that very, very few pr0n sites
use QuickTime.

Moving right along I note that we are using QT as a vector to exploit
weaknesses in IE and Windows. Given that IE6 doesn't exist for Mac
I won't put away my Mask-of-Smugness(TM) just yet. Of course
Apple ships the vector so they've gotta take the rap.

They say bright sunlight is a good disinfectant. Keep dragging these
bugs out into the light so we can all see them & help squash 'em.

tks
Thursday, 04 January 2007 15:26:51 UTC
"This initiative aims to serve as an effort to improve Mac OS X, uncovering and finding security flaws in different Apple software and third-party applications designed for this operating system."

I understand that this bug has something to do with Apple, but what does it have to do with OS X?