X
Tech
Home Tech Security

Exploit discovered for QuickTime vulnerability

A story on ZDNet news ("Apple QuickTime exploit in the wild") explains that Symantec researcher Joji Hamada has discovered active exploit code in the wild for an unpatched Apple QuickTime vulnerability.The "active exploit" takes advantage of a vulnerability in QuickTime v.
Written by Jason D. O'Grady, Contributor
Exploit discovered for QuickTime vulnerability
A story on ZDNet news ("Apple QuickTime exploit in the wild") explains that Symantec researcher Joji Hamada has discovered active exploit code in the wild for an unpatched Apple QuickTime vulnerability.

The "active exploit" takes advantage of a vulnerability in QuickTime v.7.x that could lead to users downloading Trojan software. The vulnerability reportedly lies in a boundary error when QuickTime processes Real Time Streaming Protocol (RTSP) replies.

Hamada said the exploit code was found on a compromised porn site that redirects users to a site hosting malicious software called "Downloader." Downloader is a Trojan that causes compromised machines to download other malicious software from the Internet. Symantec rates Downloader as "very low" risk.

Symantec is advising concerned IT professionals to:

  • Run Web browsers at the highest security settings possible
  • Disable Apple QuickTime as a registered RTSP protocol handler, and
  • Filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.

Look for a patch for this nasty soon.

Editorial standards
Show Comments

Related

Google Pixel 8a Aloe and Bay

Google Pixel 8a hands-on: 3 features make this my favorite $499 phone today

A photo of a bonzai tree.

Why I use the Linux tree command daily - and what it can do for you

Close-up of a speaker for the SteelSeries Arena 9. It is on a wall shelf next to a few RPG rule books and merch from the 2018 Netflix revival of She-Ra

The most immersive speaker system I've ever tested isn't from Bose or Sonos