Apple QuickTime Zero-Day Advisory
GSA Reference Number: AD080429-01
Simply Put: The Apple QuickTime media player contains a remote code execution vulnerability, a security flaw that could allow a malicious file to run other programs and applications on the user’s machine when the user watches a QuickTime movie. If a user opens a malicious QuickTime file, it could take over the user’s machine. The QuickTime file could be located on a website, in an email attachment, or on a CD or hard drive. No patch is available at this time.
Attack Details: Further details have not yet been released. A proof-of-concept video has been released by gnucitizen.org (link below). Users need only load a QuickTime video on a vulnerable system to be exploited. This exploit works on both Windows XP and Windows Vista machines.
Countermeasures: No patch is currently available from Apple. Administrators should ensure QuickTime is installed only on systems with a business need for the software. Users should not open any unsolicited QuickTime files from emails or websites. Be aware that iTunes installs QuickTime by default.
As always, users should be reminded to practice safe web surfing habits. Users should not click on advertisement links to unknown companies; advertisement links are a common delivery method for malware. Furthermore, users should not download any files from websites without a business purpose. Antivirus vendors are not yet able to detect this vulnerability.
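To act on the countermeasure of keeping QuickTime only where there is a business need, administrators first need to know where it is installed, including copies that arrived with iTunes. The following is an added example, not part of the original advisory: a local inventory check that assumes both products register under the standard Windows Uninstall registry keys with "QuickTime" or "iTunes" in their display name; the function name `Get-QuickTimeInstall` is hypothetical.

```powershell
# Added example: list QuickTime and iTunes installs registered on this machine.
# Assumption: the products appear under the machine-wide Uninstall keys with
# "QuickTime" or "iTunes" in DisplayName. Per-user (HKCU) entries are not checked.
function Get-QuickTimeInstall {
    param(
        # Display-name patterns to flag (assumed naming; adjust as needed).
        [string[]]$Pattern = @('*QuickTime*', '*iTunes*')
    )

    # 32-bit installers on 64-bit Windows register under Wow6432Node.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    foreach ($key in $uninstallKeys) {
        # Skip a hive that does not exist (e.g. Wow6432Node on 32-bit systems).
        if (-not (Test-Path $key)) { continue }

        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object {
                # Many Uninstall subkeys have no DisplayName; ignore those.
                $name = $_.DisplayName
                $name -and ($Pattern | Where-Object { $name -like $_ })
            } |
            Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                          DisplayName, DisplayVersion, InstallLocation,
                          @{ n = 'RegistryKey'; e = { $_.PSPath -replace '^.*::', '' } }
    }
}

# Report the result so it can be compared against the list of systems
# that have a documented business need for QuickTime.
$found = @(Get-QuickTimeInstall)
if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize
} else {
    "No QuickTime or iTunes entry found on $env:COMPUTERNAME"
}
```

An iTunes hit without a separate QuickTime entry still warrants a check of the machine, since the advisory notes that iTunes installs QuickTime by default.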
Reference Links:
- Security Focus Advisory (http://www.securityfocus.com/bid/28959)
- GNUCITIZEN Advisory (http://www.gnucitizen.org/blog/quicktime-0day-for-vista-and-xp/)
- Apple QuickTime Homepage (http://www.apple.com/quicktime/)