Researcher discovers QuickTime zero-day

TOPICS: Hardware, Mobility

White hat hacker Petko D. Petkov has discovered a zero-day vulnerability in a patched version of Apple's QuickTime player for XP and Vista and has the video to prove it.

Ryan Naraine has the video from Petkov, founder of the GNUCitizen think tank.

In the scenarios included in the video, Petkov easily gained control of the computer and launched various applications.

Talkback

4 comments
  • Here we go again..

    Same old song again.....but wait, I don't use Quicktime anymore so I'm safe :)
    JT82
  • On Vista the exploit runs with fewer privileges because UAC is enabled

    On Vista the exploit runs with fewer privileges because UAC is enabled by default and so the damages are very very limited to the user space.
    qmlscycrajg
    • Because of course

      losing all your files in your user space is no big deal at all.
      Please, can we just let this myth die that deleting files out of
      your home directory is no big deal because, well, the system
      files have remained intact.

      OS X apologists use it, too and it's stupid.
      frgough
      • Hehe, how times have changed!!

        "OS X apologists use it, too and it's stupid."

        I remember before Vista came out how all the OS X zealots would drone on and on about how they had nothing to fear from any malware because all of their system files were safe. I tried to say the exact same thing you just said but was labeled an M$ $hill. I guess that makes you an M$ $hill too! ;)

        To be truly safe, these applications have to run with fewer privileges than the current user has, like IE7's Protected Mode and Linux's AppArmor. If (and it is a big if) I were to allow Quicktime on my computer systems, I would run it from a shortcut that ran it under a Sandbox user account. That way, the millions and billions of holes that are uncovered in Quicktime every day would only be able to damage Sandbox user files. Of course, you always have to worry about privilege escalation so you are never totally safe which is why I absolutely refuse to run any of Apple's applications. What does Quicktime have that I need? Nothing.
        NonZealot