Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Apple plugs 15 gaping security holes in QuickTime

By Ryan Naraine | December 8, 2010, 8:40am PST

Summary: Apple has shipped a new version of the QuickTime media player with patches for 15 security vulnerabilities affecting both Mac OS X and Windows users.

Apple has shipped a new version of the QuickTime media player with patches for 15 security vulnerabilities affecting both Mac OS X and Windows users.

The most serious of this batch of vulnerabilities could be exploited to launch remote code execution attacks via rigged image or movie files, Apple warned in an advisory.

QuickTime 7.6.9, available for Mac OS X (Leopard and Tiger) and Windows (Windows 7, Vista, XP SP2 or later), is rated a “highly critical” update.

According to Apple, the flaws could be exploited via booby-trapped JP2 images, .avi files, movie files, MPEG-encoded files, FlashPix images, GIF images or PIC files.

Here’s a sample of some of the most serious flaws:

CVE-2010-3787: A heap buffer overflow exists in QuickTime’s handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

CVE-2010-3788: An uninitialized memory access issue exists in QuickTime’s handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images.

CVE-2010-3789: A memory corruption issue exists in QuickTime’s handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files.

CVE-2010-3790: A memory corruption issue exists in QuickTime’s handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files.

CVE-2010-3791: A buffer overflow exists in QuickTime’s handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking.

CVE-2010-3792: A signedness issue exists in QuickTime’s handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files.

CVE-2010-3793: A memory corruption issue exists in QuickTime’s handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files.
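The advisory entries above name two recurring bug classes, a signedness issue in a length field and a missing bounds check before a copy, and the fix for each is "improved bounds checking". The following C snippet is an added illustration of that pattern on a QuickTime-style atom header (4-byte big-endian size including the header, then a 4-byte type); it is not Apple's code, does not reproduce any of the listed CVEs, and the MAX_PAYLOAD limit and the sample atoms are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed example: QuickTime-style atom = 4-byte BE size + 4-byte type + payload.
 * Illustrates a signedness bug and its bounds-checked fix; not Apple's code. */
#define ATOM_HDR 8
#define MAX_PAYLOAD 64

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Weak check: the size lands in a signed int, so a size with the top bit set is
 * negative, "payload <= MAX_PAYLOAD" passes, and a later memcpy would widen the
 * negative length to a huge size_t (heap overflow). Returns 1 if accepted. */
int weak_accepts(const uint8_t *atom, size_t avail) {
    if (avail < ATOM_HDR) return 0;
    int32_t size = (int32_t)be32(atom);
    int32_t payload = size - ATOM_HDR;
    return payload <= MAX_PAYLOAD;            /* negative payload slips through */
}

/* Hardened check: unsigned arithmetic, a minimum size, and a bound against the
 * bytes actually present, all evaluated before any copy. Returns 1 if accepted. */
int hardened_accepts(const uint8_t *atom, size_t avail) {
    if (avail < ATOM_HDR) return 0;
    uint32_t size = be32(atom);
    if (size < ATOM_HDR || size > avail) return 0;
    return (size - ATOM_HDR) <= MAX_PAYLOAD;
}

/* Copies the payload into a fixed buffer only after the hardened check and
 * returns the sum of its bytes, or -1 if the atom was rejected. */
int payload_sum(const uint8_t *atom, size_t avail) {
    uint8_t buf[MAX_PAYLOAD];
    if (!hardened_accepts(atom, avail)) return -1;
    uint32_t len = be32(atom) - ATOM_HDR;
    memcpy(buf, atom + ATOM_HDR, len);
    int sum = 0;
    for (uint32_t i = 0; i < len; i++) sum += buf[i];
    return sum;
}

/* Constructed sample atoms (not taken from any real file). */
const uint8_t good_atom[20] = { 0,0,0,20, 'f','r','e','e', 1,2,3,4,5,6,7,8,9,10,11,12 };
const uint8_t bad_atom[20]  = { 0x80,0,0,0x10, 'f','r','e','e', 0,0,0,0,0,0,0,0,0,0,0,0 };

int main(void) {
    printf("weak: good=%d bad=%d\n", weak_accepts(good_atom, 20), weak_accepts(bad_atom, 20));
    printf("hardened: good=%d bad=%d\n", hardened_accepts(good_atom, 20), hardened_accepts(bad_atom, 20));
    return 0;
}
```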

QuickTime 7.6.9 may be obtained from the Software Update application, or from the QuickTime Downloads site.


Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

40 Comments

People still use quicktime? I can't remember the last time I saw it loaded on anyone's computer willingly.
RE: Apple plugs 15 gaping security holes in QuickTime
statuskwo5 Updated - 8th Dec 2010
@Loverock Davidson Agreed. The only thing you really need installed on your computer is K-Lite Mega Codecs pack and you can use Windows Media Player to play QuickTime, DivX, even RealPlayer files with ease without any of these players installed. wink
People still use quicktime?
Alan Henry 8th Dec 2010
@Loverock Davidson

No.
You need to get out more
Economister 8th Dec 2010
@Loverock Davidson

Quicktime has a unique frame-by-frame playback feature that I have not found anywhere else. It is the best player for sports coaching.

I just updated 7 computers.
@Lovey Dovey

Hate to agree with you but who in their right mind uses that rubbish.
@Loverock Davidson

Nope..not even Mac users who are using Snow Leopard. Snow Leopard uses QuickTime X and these vulnerabilities do not affect QuickTime X, but only older versions like Quicktime 7.x.x
Loads of people use QuickTime
jasondlnd 9th Dec 2010
@Loverock Davidson

You must deal only with people who only use Microsoft products.

That has to be what...2 maybe 3 people?

Most people worldwide have iPhones, iPads, and/or iPods. To connect them to a PC or Mac, iTunes & Quicktime need to be installed.

Seriously...who really only uses just Windows Media Player for everything? It's limited to just one OS and can't even PLAY every type of file. Quicktime, on the other hand is able to play more files and has a broader array of codecs.

When WMP can't do the job, Quicktime steps up to the plate and usually plays the file. If Quicktime won't play the file, then VLC will usually do the trick.
Uh?
statuskwo5 9th Dec 2010
@jasondlnd See my post above of how to make WMP play EVERYTHING.
No big deal for MAC users
HectorGonzalez 8th Dec 2010
Sigh, this is not gaping holes, that's what Windows is.

MAC computers are protected by the sandbox, and never have any viruses. This article is pure MS propaganda.
@HectorGonzalez If that's what you are thinking then I feel sorry for you. The article specifically said "affecting both Mac OSX and Windows users."
@statuskwo5

Not to mention that it's Apple's app with the vulnerabilities, nothing that shipped from Microsoft. BTW, if anyone can think of a reason other than your legacy video collection to even play QT videos to begin with, they play just fine in Media Player on Win7. You don't have to deal with unwelcome tag-along apps from Apple, security vulnerabilities, etc. And don't forget VLC, where the same benefits apply.

Well, I'm off to scrape the ice off my crappy VW. If only I'd have been smart enough to buy whatever car Steve Jobs drives, I wouldn't be having all these weather related issues.
RE: Apple plugs 15 gaping security holes in QuickTime
jakenhauser23 Updated - 8th Dec 2010
@HectorGonzalez

Delusional much??
@HectorGonzalez

Another I-Tard
@HectorGonzalez No. Actually, it just means that you need two exploits. Something like this combined with Tiger's launchd exploit would make for a very easy root job... Once you can execute code on a machine, regardless of user context, you're screwed because it's a gateway to any local exploit... Which the mac has had plenty of.
@HectorGonzalez

MS propaganda put out by Apple - now that's sneaky wink
But if a Mac user is running Snow Leopard, is this an issue? Snow Leopard uses Quicktime X (10). Does the flaw affect Quicktime 10, or just the older version?
@Rick_K

No sir, this just affects the 7 series of Quicktime. Unless you have installed 7.x on Snow Leopard you should not have any issue.
@jakenhauser23

Was just checking. From the headline it makes you wonder if it is all versions, or just one version.
Can't remember the last time
Cylon Centurion Updated - 8th Dec 2010
I had Quicktime even installed. To Hell with Apple software for PC's.
Were these exploited?
WarhavenSC Updated - 8th Dec 2010
Were these exploited at all? I don't recall hearing anything in the news about these gaping security holes actually being exploited, so I'm wondering if they were found by Apple engineers and this is simply a preventative patch.
@WarhavenSC
Doesn't matter. If it's Apple software, then (according to the NBM members) it is junk. So even if this is a preventative patch, to them it is automagically being exploited. Then again, to them Apple is the embodiment of evil.
could this exploit be used elsewhere?
sparkle farkle 8th Dec 2010
say on a linux machine???
@sparkle farkle Only if it has quicktime on it... And there isn't a quicktime for linux.
the AVI files in question...
sparkle farkle 9th Dec 2010
@snoop0x7b If a unix based architecture could get something from the mishandling of these files, then, perhaps the rootkit/virus/trojan that I got on my Ubuntu system is related to something in the movie that I watched right before my network connections disappeared, and the inability to re-install ANY version of Ubuntu on my system, STILL even after a re-install of Vista from my rescue partition. I'm going to use an installation cd and overwrite the boot sector completely, and I'll get back here to report on if that works to remedy the situation, but as far as I can tell it's totally screwed up my boot sector as far as installing Ubuntu is concerned. I was able to install Debian, but then the machine did not want to boot even a Windows install disk. After the broken Ubuntu install, where it stopped at installing grub, I could use other dvd/cd's to install.

Apparently Linux has a vulnerability in the boot sector, and, I believe that the Movie Player (totem I believe) is also susceptible to the same sort of exploit described here. (or that this patch is meant to fix)

good luck, it's a nasty one.
suck sess
sparkle farkle 9th Dec 2010
@snoop0x7b
finally managed to get ubuntu to install after overwriting the boot sector several times with the Windows installation disk and Bootrec.exe. Definitely from the ubuntu install. There may be holes in the install due to automounting my windows partitions, and I suppose that my windows boot record could have been overwritten that way, but grub could not overwrite the bad stuff from the ubuntu disk, although booting was possible with the debian version.

I can't believe that it was that targeted an attack, but it was. Yes, Virginia, there is a virus/trojan/rootkit/bootkit for Ubuntu.
Non issue.
Two questions please
Dietrich T. Schmitz, ~ Your Linux Advocate 8th Dec 2010
Exactly how big are these 'gaping' holes?
And are they any bigger than the ones reported in Windows?
@Dietrich T. Schmitz, Your Linux Advocate

The holes average 9.6 cm each, so pretty big.
I don't think they're any bigger; they seem to be about the same size as the holes in Windows.

I'm feeling pretty stupid today because I don't really understand your questions or their point. This is your way of making a snarky anti-Windows comment in support of your pro-Linux prejudice, right?
@Dietrich T. Schmitz, Your Linux Advocate Goatse security sized wink
@Dietrich T. Schmitz, Your Linux Advocate

Oh it wasn't just the holes wink Quicktime has been a train wreck on Windows for some time. Only masochists would use it. I'm surprised you even recognize a media player with your Linux fascination, you have all of one don't you?

wink
@tonymcs@... I am pretty certain that DTS uses a video-to-ASCII-text converter:

http://www.youtube.com/watch?v=atUj6y4xYg8

Should look lovely on his Sun SparcStation1 wink
Fascinating
Mister Spock 8th Dec 2010
Your fear of Windows has forced you to attempt a redirect.

If Linux has failed you in such a way as to have reduced your comments to nothing more than useless words, maybe you should find someone to help you through your issues.

Judging by the comments directed at you anymore, it appears quite obvious to those here that you may be in desperate need of professional help.
Maybe you guys can help me out here...
Qbt Updated - 8th Dec 2010
I'm still a bit unsure about how this works so maybe you guys can explain it to me...

On Nov 10, Apple broke all records and released a patch that plugged a staggering 134 holes. Yet not one single post on ZDnet about this. Does anyone know why ZDNet would not have something related to this in a blog post? Seems pretty important to me. Is ZDNet selectively trying to make some OSes appear more secure than they really are? No, it can't possibly be that...

http://www.infoworld.com/d/mac/apple-smashes-patch-record-gigantic-update-889?source=rss_security_central
@Qbt - silly boy! You should know by now that Apple's OS is entirely free of any flaws and that no malware could ever penetrate OSX' defences, sandboxes, etc.

Or so some (sad, misguided, gullible) people around here would have you believe!
Do Windows users still use that crap?
VLC player for Mac.. And KMPlayer for windows just about everything you ever need