Apple QuickTime exploit in the wild

Summary:An active exploit has been seen by Symantec for a vulnerability that affects the latest versions of Apple QuickTime

Symantec has found active exploit code in the wild for an unpatched Apple QuickTime vulnerability.

Researcher Joji Hamada wrote in Symantec's Security Response Weblog on Saturday that the company had seen an active exploit for the vulnerability in Apple's media-streaming program that could lead to users downloading Trojan software.

Hamada said the exploit code was found on a compromised porn site that redirects users to a site hosting malware called "Downloader". Downloader is a Trojan that causes compromised machines to download other malware from the internet. Symantec rates Downloader as "very low" risk.

No patch is currently available for the vulnerability, which affects version 7.x, and which lies in a boundary error when QuickTime processes Real Time Streaming Protocol (RTSP) replies.

Symantec is advising concerned IT professionals to run web browsers at the highest security settings possible, disable Apple QuickTime as a registered RTSP protocol handler, and filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.

Proof of concept code was published when the vulnerability was disclosed by security research company Secunia last week.

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.