Don't open media files from sources you don't trust--it may lead to your computer being hacked, a security researcher has warned.
Tom Ferris, an independent security researcher, has provided more details on a security flaw in Apple Computer's popular iTunes and QuickTime software that could put systems running Windows and Mac OS X at risk of attack. He first
disclosed the flaw in early December.
An attacker could commandeer a vulnerable computer by tricking a user into opening a malicious ".mov" media file, the Mission Viejo, Calif.-based bug hunter said in an advisory posted on his Security-Protocols.com Web site late Tuesday.
"The vulnerability allows an attacker to cause the program to crash and could allow the execution of arbitrary code," Ferris said. "The flaw exists in all current and earlier versions of iTunes and QuickTime."
Ferris said he reported the problem to Apple earlier this month. On Dec. 2, he posted only a snippet of information on the flaw on his Web site, followed Tuesday by a complete security advisory, including examples of malformed media files that cause iTunes and QuickTime to crash.
Media player flaws are nothing new. Cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications, the SANS Institute said recently. Apple has had to fix flaws in its software before. eEye Digital Security earlier this month issued an alert on flaws in RealNetworks' RealPlayer.
For protection, Ferris' recommends that computer users don't open media files, or any file for that matter, from untrusted sources.
Naturally Macintosh users assume that every time a new threat appears, people reading CNET have never heard of Macintosh. Therefore, they need to be informed about the benefits of their preferred product.
Because you can't run unauthorized code with elevated rights unlike a windows machine. Therefore while they might be able to trigger a buffer overrun on a Mac, they certainly won't be able to install software like they could on a Windows system. Therefore once again, Mac is protected, Windows is not. Microsoft needs to fix this one, not Apple.
It is possible to make an exploit run with elevated previliges on Mac OS X. Quite simply all it needs is a flaw in components of the OS that run with elevated previliges. Sure the normal user doesn't run like that, but don't be kidding yourself if you think that critical system services on OS X don't. Here's a real example - <a class="jive-link-external" href="http://secunia.com/advisories/17813/" target="_newWindow">http://secunia.com/advisories/17813/</a> Take a look at item no 5 - "5) An error exists in the ODBC Administrator utility helper tool "iodbcadmintoo". This can be exploited by malicious, local users to execute commands with escalated privileges."
Now shut up and don't make stupid claims like Max OS X is immune to all flaws.
Whats more Macinista's will still claim Mac OS X is still magically immune
No doubt Mac Fanatics will claim that this is impossible to exploit or refuse to even acknowledge the list of various flaws in Mac OS X - <a class="jive-link-external" href="http://secunia.com/product/96/" target="_newWindow">http://secunia.com/product/96/</a>
Somehow Mac OS X is magically immune from it all and Apple must be stupid be put out the fixes for it. All it will take is the first successfull Mac OS worm to put an end to their illusions.
It will take the fist Mac worm. The problem is.. after 4 years.. there just aren't any. There are no worms or viruses for the Mac OS. Only a fool would say that it is invulnerable.. but only a fool would say that it is as vulnerable as Windows given the structure of the OS. Fact is, as the current tech goes.. a self-propogating virus, without the users knowledge, is impossible on the Mac OS. Prove me wrong.
Instead of bashing each other, should we not be talking about how to defend against this together as opposed to Mac/Windows users gloating over a flaw that effects the Mac/Windows OS. Windows has it's good and bad as does Apple. I work on Wintel boxes during the day and use Apples at home, so what! It's about the "Criminals" (not Hackers) that are trying to hurt all of us. Spread the love folks!
I get annoyed fixing windows boxes all the time and yet I read about M$ making billions of dollars a MONTH.
Doesn't that annoy you any? Couldn't they just make 40 billion a year in profit and spend 10 billion making things nicer? Of course they could, but they will only respond to the market demand.
Unless people and companies complain they have no incentive.
Spread the love is good for people but not good for souless corporations.
Sorry, but all the complaining in the world isn't going to cause the slightest ripple of change at Microsoft. The ONLY thing that will cause any change is people and companies BUYING a competing product.
Look at the zillions of dollars Microsoft and a whole bunch of other companies rake in as a result of hard-to-use, insecure products--how-to books, anti-whatever software, IT support, etc. Compensating for their mediocre products is a HUGE industry! Where's the incentive to change???
A decrease in Microsoft's bottom line is the ONLY thing that will do it! And I don't see that happening any time soon.
No, you can't. The "exploit to which he is referring involves a person physically sitting in front of your computer, trying to gain root access your system. This hardly counts, IMO.
No, you can't. The "exploit" to which he is referring involves a person physically sitting in front of your computer, trying to gain root access your system. This hardly counts, IMO.
And a proof-of-concept here: <a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/mp3concept.html" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/mp3concept.html</a>
OK, I'll bite, since somebody has to keep you honest.
I did check your citations. Thanks for the laugh.
Just check here: <a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/</a> sh.renepo.b.html
This is not a virus, it's the Opener rootkit. Like all rootkits, it's quite dangerous, but it can only do damage if the user was stupid enough to install it by typing in an administrator password. Compare this to the Sony rootkit, that installs without any user intervention simply by inserting an infected CD.
And here: <a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/</a> mac.simpsons@mm.html
This is a worm, and from the description it looks like it only affects Mac OS 9, not OS X. Next!
Another here: <a class="jive-link-external" href="http://www.symantec.com/avcenter/venc/data/" target="_newWindow">http://www.symantec.com/avcenter/venc/data/</a> macos.mw2004.trojan.html
This is a trojan, like the name says. Just like the Opener rootkit, it needs an admin password to install. Also, the only files it can delete are those in your home dirctory. It can't touch anything owned by another user, or any system files. If a trojan like this were to infect a Windows machine, it would be able to delete everything on all harddrives connected to the system. This is yet another example of how Mac OS X is sturdier than Windows.
A Hypercard virus? Now you're really pushing the limits of credibility. Hypercard won't run on OS X.
And a proof-of-concept here: <a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/</a> mp3concept.html
Yep, that was an interesting concept that nobody had a chance to actually exploit, because it was patched so quickly.
So let's recap. One root kit and one trojan. Two actual threats that, unlike the Sony rootkit, can't run without an admin password. Two obsolete Mac OS 9 viruses, a Hypercard virus that also can't infect OS X, and a patched proof-of-concept that had ZERO exploits in the wild.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
After a higher-than-expected fourth quarter, the video subscription service unburdens itself of a pending yearlong class action suit and settles for $9 million.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
<a class="jive-link-external" href="http://secunia.com/advisories/17813/" target="_newWindow">http://secunia.com/advisories/17813/</a>
Take a look at item no 5 -
"5) An error exists in the ODBC Administrator utility helper tool "iodbcadmintoo". This can be exploited by malicious, local users to execute commands with escalated privileges."
Now shut up and don't make stupid claims like Max OS X is immune to all flaws.
<a class="jive-link-external" href="http://secunia.com/product/96/" target="_newWindow">http://secunia.com/product/96/</a>
Somehow Mac OS X is magically immune from it all and Apple must be stupid be put out the fixes for it. All it will take is the first successfull Mac OS worm to put an end to their illusions.
just aren't any. There are no worms or viruses for the Mac OS. Only
a fool would say that it is invulnerable.. but only a fool would say
that it is as vulnerable as Windows given the structure of the OS.
Fact is, as the current tech goes.. a self-propogating virus, without
the users knowledge, is impossible on the Mac OS.
Prove me wrong.
to defend against this together as opposed to Mac/Windows users
gloating over a flaw that effects the Mac/Windows OS. Windows has
it's good and bad as does Apple. I work on Wintel boxes during the
day and use Apples at home, so what! It's about the
"Criminals" (not Hackers) that are trying to hurt all of us. Spread the
love folks!
Doesn't that annoy you any? Couldn't they just make 40 billion a year in profit and spend 10 billion making things nicer? Of course they could, but they will only respond to the market demand.
Unless people and companies complain they have no incentive.
Spread the love is good for people but not good for souless corporations.
Sorry, but all the complaining in the world isn't going to cause the slightest ripple of change at Microsoft. The ONLY thing that will cause any change is people and companies BUYING a competing product.
Look at the zillions of dollars Microsoft and a whole bunch of other companies rake in as a result of hard-to-use, insecure products--how-to books, anti-whatever software, IT support, etc. Compensating for their mediocre products is a HUGE industry! Where's the incentive to change???
A decrease in Microsoft's bottom line is the ONLY thing that will do it! And I don't see that happening any time soon.
Um, yeah. That's because I installed the security patch. So that dood that said Mac users are gonna say their machines are magically secure are right!
SAY it aint so!?!
ex2bot
Proud owner of somewhat overpriced but oh so lovely and fun Macs
1. old iBook
2. iMac G4 (a.k.a. DeskLamp Pro!)
3. Power Mac G5 dual-processor 1.8 GHz w/magic Apple dust custom installed
Mac virus count: 0 (a.k.a. donut w/o hole)
Spyware count: 1 confirmed commercial keystroke logger (must be installed with admin password)
Trojans: 1 (requires admin password to install)
What are YOUR stats, boys?
person physically sitting in front of your computer, trying to gain
root access your system. This hardly counts, IMO.
person physically sitting in front of your computer, trying to gain
root access your system. This hardly counts, IMO.
<a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html</a>
And here:
<a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/mac.simpsons@mm.html" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/mac.simpsons@mm.html</a>
Another here:
<a class="jive-link-external" href="http://www.symantec.com/avcenter/venc/data/macos.mw2004.trojan.html" target="_newWindow">http://www.symantec.com/avcenter/venc/data/macos.mw2004.trojan.html</a>
...and another:
<a class="jive-link-external" href="http://www.symantec.com/avcenter/venc/data/mac-sevendust.html" target="_newWindow">http://www.symantec.com/avcenter/venc/data/mac-sevendust.html</a>
...and yet another:
<a class="jive-link-external" href="http://www.symantec.com/avcenter/venc/data/macmag.html" target="_newWindow">http://www.symantec.com/avcenter/venc/data/macmag.html</a>
And a proof-of-concept here:
<a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/mp3concept.html" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/mp3concept.html</a>
There ARE viruses for Mac OS X.
Just check here:
<a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/</a>
sh.renepo.b.html
This is not a virus, it's the Opener rootkit. Like all rootkits, it's
quite dangerous, but it can only do damage if the user was
stupid enough to install it by typing in an administrator
password. Compare this to the Sony rootkit, that installs without
any user intervention simply by inserting an infected CD.
And here:
<a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/</a>
mac.simpsons@mm.html
This is a worm, and from the description it looks like it only
affects Mac OS 9, not OS X. Next!
Another here:
<a class="jive-link-external" href="http://www.symantec.com/avcenter/venc/data/" target="_newWindow">http://www.symantec.com/avcenter/venc/data/</a>
macos.mw2004.trojan.html
This is a trojan, like the name says. Just like the Opener rootkit,
it needs an admin password to install. Also, the only files it can
delete are those in your home dirctory. It can't touch anything
owned by another user, or any system files. If a trojan like this
were to infect a Windows machine, it would be able to delete
everything on all harddrives connected to the system. This is yet
another example of how Mac OS X is sturdier than Windows.
...and another:
<a class="jive-link-external" href="http://www.symantec.com/avcenter/venc/data/mac-" target="_newWindow">http://www.symantec.com/avcenter/venc/data/mac-</a>
sevendust.html
Oops. Another OS 9 virus. They do keep sneaking into this
discussion, don't they?
...and yet another:
<a class="jive-link-external" href="http://www.symantec.com/avcenter/venc/data/macmag.html" target="_newWindow">http://www.symantec.com/avcenter/venc/data/macmag.html</a>
A Hypercard virus? Now you're really pushing the limits of
credibility. Hypercard won't run on OS X.
And a proof-of-concept here:
<a class="jive-link-external" href="http://securityresponse.symantec.com/avcenter/venc/data/" target="_newWindow">http://securityresponse.symantec.com/avcenter/venc/data/</a>
mp3concept.html
Yep, that was an interesting concept that nobody had a chance
to actually exploit, because it was patched so quickly.
So let's recap. One root kit and one trojan. Two actual threats
that, unlike the Sony rootkit, can't run without an admin
password. Two obsolete Mac OS 9 viruses, a Hypercard virus
that also can't infect OS X, and a patched proof-of-concept that
had ZERO exploits in the wild.
Does that about cover it?