Version: 2008
  • On The Insider: Britney's Bikini-Clad Top 10

Comments on: Apple QuickTime exploit in the wild

An active exploit has been seen by Symantec for a vulnerability that affects the latest versions of Apple QuickTime.

Add a Comment (Log in or register) (10 Comments)
  • prev
  • 1
  • next
I love it...
by jelloburn December 3, 2007 8:55 AM PST
If you are an IT professional, wouldn't it make sense to block out all
porn sites in the first place. Employees shouldn't be getting their
jollies at work. Sounds like a good way to get yourself fired if
you're the employee that came across it.
Reply to this comment
MPACK! Remember that...Apple Hurry Up!
by fred dunn December 3, 2007 3:49 PM PST
It is a kit of malware code to insert malicious code into a legitimate website.
All one of your users has to do is click on an infected ad on a legitimate site and it lauches an iframe to that site.
Bingo we have a winner!
Fortunately for now at least Symantec is indicating that they have signatures for the payloads being sent out of this site but how long before more sites with different zero day payloads show up?
Still no patch from Apple, amazing
by Ilgaz December 3, 2007 9:55 AM PST
First of all, RTSP is the standard protocol for realtime (streaming)
media delivery. Quicktime, Real and even MS Windows Media
Player uses those ports.

It is amazing that Apple didn't come up with a hotfix yet.
Quicktime installations hard earned over years will be zeroed once
again. In fact, it effects iTunes too.
Reply to this comment
Good thing we don't allow any streaming
by rcrusoe December 3, 2007 10:24 AM PST
When we asked management which optional protocols we should
allow on our network, they couldn't come up with a single business
reason for allowing streaming media, so we blocked it.

But based on firewall logs, the largest group of employees that still
try to watch streaming media on any day is management.

Go figure. :)
No patch. Not even a statement on it!
by pctec100 December 3, 2007 1:14 PM PST
I understand not being able to get a hotfix out yet. There's a lot of testing that must be done.

But seriously, how about a statement from Apple confirming they are investigating the issue or have a target date for releasing a fix.

I just got QT 7.3 packaged for deployment and I've been holding for a few days on it to see if I'm going to have to do 7.3.1 right behind it.

This is one area were Apple would do well to follow Microsoft's lead and issue an alert even if it's not accompanied by the fix.
View reply
Gotta go to a porn site, THEN download an app...
by M C December 3, 2007 10:31 AM PST
...IS there a patch to keep getting stupid people from doing stupid stuff?
Reply to this comment
Can't fix stupid!
by J_Satch December 3, 2007 12:37 PM PST
That's why we have the Darwin awards! :)
Can't fix stupid . . . ?
by K.P.C. December 3, 2007 5:07 PM PST
You mean like somone suggesting Apple should follow MS's lead
on security issues?

ROFLMAO!!!! :-D
Reply to this comment
(10 Comments)
  • prev
  • 1
  • next
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET