December 3, 2007 8:14 AM PST

Apple QuickTime exploit in the wild

Symantec has found active exploit code in the wild for an unpatched Apple QuickTime vulnerability.

Researcher Joji Hamada wrote in Symantec's Security Response Weblog on Saturday that the company had seen an active exploit for the vulnerability in Apple's media-streaming program that could lead to users downloading Trojan software.

Hamada said the exploit code was found on a compromised porn site that redirects users to a site hosting malicious software called "Downloader." Downloader is a Trojan that causes compromised machines to download other malicious software from the Internet. Symantec rates Downloader as "very low" risk.

No patch is currently available for the vulnerability, which affects QuickTime version 7.x and stems from a boundary error in the way QuickTime processes Real Time Streaming Protocol (RTSP) replies.

Symantec is advising concerned IT professionals to run Web browsers at the highest security settings possible, disable Apple QuickTime as a registered RTSP protocol handler, and filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.
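
As an added example (not from the article or from Symantec), the script below applies the port list in that advice to firewall logs, so an administrator can see which internal hosts still attempt outbound RTSP and whether the egress filter is dropping them. The key=value log format, the RFC 1918 definition of "internal" and all addresses in the sample are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Ports named in the advisory: TCP 554 and UDP 6970-6999.
RTSP_PORTS = {"tcp": {554}, "udp": set(range(6970, 7000))}
# Assumption: internal hosts live in RFC 1918 space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample lines in an assumed key=value firewall log format.
SAMPLE_LOG = """\
2007-12-03T09:01:12 action=allow proto=tcp src=10.1.4.22 dst=203.0.113.50 dport=554
2007-12-03T09:01:13 action=allow proto=udp src=10.1.4.22 dst=203.0.113.50 dport=6972
2007-12-03T09:02:40 action=deny proto=tcp src=10.1.7.9 dst=198.51.100.7 dport=554
2007-12-03T09:03:05 action=allow proto=tcp src=10.1.4.30 dst=10.1.0.5 dport=554
2007-12-03T09:03:30 action=allow proto=tcp src=10.1.4.31 dst=198.51.100.7 dport=6970
2007-12-03T09:04:10 action=allow proto=udp src=10.1.4.31 dst=198.51.100.7 dport=7000
2007-12-03T09:05:00 garbage line
2007-12-03T09:06:00 action=allow proto=tcp src=10.1.4.22 dst=203.0.113.50 dport=443
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on bad input
    return any(ip in net for net in INTERNAL)

def is_rtsp_port(proto, port):
    return port in RTSP_PORTS.get(proto.lower(), ())

def outbound_rtsp(log_text):
    """Count outbound RTSP flows per (source host, firewall action)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(t.split("=", 1) for t in line.split() if "=" in t)
        try:
            src, dst, dport = f["src"], f["dst"], int(f["dport"])
            outbound = is_internal(src) and not is_internal(dst)
            proto, action = f["proto"], f["action"]
        except (KeyError, ValueError):
            continue  # malformed or incomplete line
        if outbound and is_rtsp_port(proto, dport):
            hits[(src, action)] += 1
    return hits

if __name__ == "__main__":
    for (src, action), n in sorted(outbound_rtsp(SAMPLE_LOG).items()):
        print(f"{src} {action} {n}")
```

Any host reported with an `allow` action is still reaching external RTSP servers and is not covered by the egress filter.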

Proof-of-concept code was published when the vulnerability was disclosed by security research company Secunia last week.

Tom Espiner of ZDNet UK reported from London.

I love it...
by jelloburn December 3, 2007 8:55 AM PST
If you are an IT professional, wouldn't it make sense to block out all
porn sites in the first place. Employees shouldn't be getting their
jollies at work. Sounds like a good way to get yourself fired if
you're the employee that came across it.
MPACK! Remember that...Apple Hurry Up!
by fred dunn December 3, 2007 3:49 PM PST
It is a kit of malware code to insert malicious code into a legitimate website.
All one of your users has to do is click on an infected ad on a legitimate site and it launches an iframe to that site.
Bingo we have a winner!
Fortunately for now at least Symantec is indicating that they have signatures for the payloads being sent out of this site but how long before more sites with different zero day payloads show up?
Still no patch from Apple, amazing
by Ilgaz December 3, 2007 9:55 AM PST
First of all, RTSP is the standard protocol for realtime (streaming)
media delivery. Quicktime, Real and even MS Windows Media
Player use those ports.

It is amazing that Apple didn't come up with a hotfix yet.
Quicktime installations hard earned over years will be zeroed once
again. In fact, it affects iTunes too.
Good thing we don't allow any streaming
by rcrusoe December 3, 2007 10:24 AM PST
When we asked management which optional protocols we should
allow on our network, they couldn't come up with a single business
reason for allowing streaming media, so we blocked it.

But based on firewall logs, the largest group of employees that still
try to watch streaming media on any day is management.

Go figure. :)
No patch. Not even a statement on it!
by pctec100 December 3, 2007 1:14 PM PST
I understand not being able to get a hotfix out yet. There's a lot of testing that must be done.

But seriously, how about a statement from Apple confirming they are investigating the issue or have a target date for releasing a fix.

I just got QT 7.3 packaged for deployment and I've been holding for a few days on it to see if I'm going to have to do 7.3.1 right behind it.

This is one area where Apple would do well to follow Microsoft's lead and issue an alert even if it's not accompanied by the fix.
Gotta go to a porn site, THEN download an app...
by M C December 3, 2007 10:31 AM PST
...IS there a patch to keep getting stupid people from doing stupid stuff?
Can't fix stupid!
by J_Satch December 3, 2007 12:37 PM PST
That's why we have the Darwin awards! :)
Can't fix stupid . . . ?
by K.P.C. December 3, 2007 5:07 PM PST
You mean like someone suggesting Apple should follow MS's lead
on security issues?

ROFLMAO!!!! :-D