QuickTime RTSP Vulnerability Proof-of-concept Surfaces

A few days after a flaw was discovered in the QuickTime handling
of the Real Time Streaming Protocol (RTSP), researchers have
been able to craft a proof-of-concept exploit, according to Computerworld on Thursday.

This particular exploit can cause remote code execution through the QuickTime RTSP protocol vulnerability on Microsoft Windows and Apple systems,” Symantec said. “This is the first working exploit for Apple systems that we have observed.”

The appearance of a proof-of-concept exploit at the site milw0rm.com has
be characterized as a “tripwire” by Symantec. “Once we see something in Metasploit, we know itis likely weill see it used in attacks,” Alfred Huger, vice president of engineering with Symantecis security response group said last summer.

The proof-of-concept works on Intel or PPC Macs running Tiger or Leopard with
QuickTime 7.2 or 7.3 (It also affects Windows XP SP2.) Symantec explained
how it might work along with some preventive measures
.

Apple has not yet published a fix.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.