/>
X
Tech
Home Tech Security

Exploit discovered for QuickTime vulnerability

A story on ZDNet news ("Apple QuickTime exploit in the wild") explains that Symantec researcher Joji Hamada has discovered active exploit code in the wild for an unpatched Apple QuickTime vulnerability.The "active exploit" takes advantage of a vulnerability in QuickTime v.
Written by Jason D. O'Grady, Contributor on
Exploit discovered for QuickTime vulnerability
A story on ZDNet news ("Apple QuickTime exploit in the wild") explains that Symantec researcher Joji Hamada has discovered active exploit code in the wild for an unpatched Apple QuickTime vulnerability.

The "active exploit" takes advantage of a vulnerability in QuickTime v.7.x that could lead to users downloading Trojan software. The vulnerability reportedly lies in a boundary error when QuickTime processes Real Time Streaming Protocol (RTSP) replies.

Hamada said the exploit code was found on a compromised porn site that redirects users to a site hosting malicious software called "Downloader." Downloader is a Trojan that causes compromised machines to download other malicious software from the Internet. Symantec rates Downloader as "very low" risk.

Symantec is advising concerned IT professionals to:

  • Run Web browsers at the highest security settings possible
  • Disable Apple QuickTime as a registered RTSP protocol handler, and
  • Filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.

Look for a patch for this nasty soon.

Editorial standards
Show Comments

Related

chat bot

What is ChatGPT and why does it matter? Here's what you need to know

ai tools on a computer illustartion

I've tested a lot of AI tools for work. These are my 5 favorite so far

Temu logo

Is Temu legit? What to know about this shopping app before you place an order