Critical Mac QuickTime zero-day exploit released!

A zero-day Apple QuickTime flaw for Mac OS X has officially kicked off the MoAB (Month of Apple Bugs). The exploit has been "100% reliable for a current up-to-date x86-based OS X system". Anyone wishing to confirm the vulnerability on their own Intel-based Mac can click on this test link to a specially crafted QuickTime file that will say "happy new year", though the exploit can easily be modified to do more malicious things, like delete all of your photos and documents or encrypt them for ransom.

This is the first of many Apple vulnerabilities that will be exposed this month. This exploit is EXTREMELY dangerous because it can be remotely triggered with a malicious email attachment or a specially crafted webpage that automatically triggers the QuickTime "movie", which is actually not a movie but a malicious payload. The exploit is in weaponized Metasploit form and there are no patches available. Disabling QuickTime playback in the web browser of choice might be the only temporary workaround at this time. Mac users should also avoid opening QuickTime files they receive in email unless they're sure the file is from someone they trust and it's intended for them.

  • Hurray!

    That'll show those obnoxious smug Mac users. They totally deserve this. Remember those ads with that guy being mean to the PC guy? Serves them right.
    tic swayback
    • Hurray!

      Yeah - I am sitting at work twiddling my thumbs, like the rest of the 100 or so workers because our Windows PeeCee's won't let us log in (happens every second day.) One flaw for an Intel Mac is nothing to worry about compared to hundreds of thousands for an average Windows PC. (I do think Apple should have stuck with PowerPC chips though - Intel chips suck.)
      • Your PeeCee's won't let you, or your Server(s) won't let you?

        My NetWare servers seem just fine :)
        • Novell Open Enterprise Server 2.0

          Just got my beta invite++
      • Do you think said behavior is normal?

        "I am sitting at work twiddling my thumbs, like the rest of the 100 or so workers because our Windows PeeCee's won't let us log in (happens every second day.)"

        I would suggest the problem isn't Windows but rather incompetent system administrators.
      • Until very recently, I would've agreed with you.

        Up until the new Core chips (or maybe the Pentium-M, of which the Core is an enhancement), Intels have been among the slowest per MHz, least efficient CPUs out there. In every generation, the nearest equivalent Motorola (including 680x0 as well as the PowerPC) and IBM PowerPC chips have soundly defeated the nearest equivalent Intel at the same clock speed or even when the Intel CPU was clocked significantly faster. This held true all the way from the old 8-bit Intel 8080 vs. the Motorola 6800 all the way through the PowerPCs vs. the nearest equivalent Pentium 4s.

        No longer. The Core chips are very efficient compared to the Pentium 4s, and even enough to pull them ahead of the nearest equivalent dual-core AMDs in both speed and power efficiency. Since the AMDs were more on a level with the PowerPCs in recent generations, this means that the PowerPCs are likely also beat by the new Cores (as Apple’s benchmarks imply).

        That said, switching to Intel may have been a bad move for security reasons, for the simple reason that far more hackers know Intel x86 machine language than know (or are willing to bother to learn) PowerPC ML (which is considerably different). Not only are the new x86 Macs more vulnerable for this reason, PowerPC Mac vulnerability is also increased because hackers can now more easily figure out how OS X works by reverse engineering an x86 Mac’s OS X, and apply what they learned from that version to the PowerPC version.
        Joel R
      • Oh this is good

        You are complaining here publicly about your network admins?
        Remember what I told you now, the monitor is only what you look at and is not the computer. You can hit that button all day long and it won't turn on the machine. I'm sure that laptop threw you off again, didn't it?
    • lol

      Nice Try Tic. I'll say you get (other than mine) 8 responses. Which gives you a troll score of 4.2. ;)
    • And the score is...

      Something like 10 Mac Viruses vs. 300,000 PC viruses.
      • Even after the MoAB,

        assuming that the hacker lives up to his promise to release one new Apple exploit per day for the entire month of January, it’ll still be true that more new malwares come out every day for Windows than have ever existed for the Mac (all the way back to and including the Lisa).
        Joel R
      • Scores don't matter

        Only takes one...
        John Zern
      • God..please don't tell me...

        A Mac has actually had a virus?? Seems I have read from a few Apple enthusiasts around here that any talk of even one actual Apple virus is nonsense. Of course that's not what any number of reliable security websites say, but rest assured there have been at least a couple of Mac users who claim that any talk of ANY Apple virus is nonsense because none have ever existed for OSX.
        • Weren't the first viruses Mac viruses?

          I may be wrong, but weren't some of the first viruses written for the Mac (long before the OSX days)? It was pre-Internet, so you got them from an infected floppy.

          Ha! Once again, Windows is forced to play catchup.
          tic swayback
          • Only You

            Only you could come up with such twaddle.
    • I wonder which is largest?

      With responses like tic's, I wonder which is largest, age, IQ, or shoe size?
      • As long as he isn't biblical age...

        I hope his IQ is the largest. Otherwise Guinness needs to look him up.
      • Typical

        You smug Mac users totally deserve this. You dared to ask ace hacker Johnny Quest for proof of his magical Wifi hack that was later totally proven publicly. So rather than going through normal channels like responsible bug finders, grandstanding and publicity hounding is now totally acceptable. Plus I don't like those ads where the mean Mac guy picks on the cute and fuzzy PC guy.
        tic swayback
        • No Fair Tic

          Inflaming the Trolls does not add to your score. ;)
          • Re: No Fair Tic

            Think Badgered has been watching too many Lord of the Rings films. It was because of people like you that Computer users are called geeky.
            Do you wear a white shirt, bow tie, and one of those pen holder thingys? Bet you do
          • You'd lose your bet

            But thanks for thinking of me so highly, or yet... at all.

            Have a good new year. :)