QuickTime 7.1.3 sowie ältere Releases beinhalten eine hochkritische Sicherheitslücke, welche Angreifern erlaubt, Dateien zu löschen und/oder zu verschlüsseln. Der Fehler findet sich sowohl in der Windows- wie in der Mac OS X-Version. Ein Sicherheitspatch seitens Apple existiert derweilen noch nicht. Eine zwischenzeitliche Entfernung von QuickTime gilt als empfehlenswert.
Quote:
Workaround or temporary solution
The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage.
techPowerUp!: Zero-day exploit in QuickTime revealed
Month of Apple Bugs (Key Source): Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
Quote:
Zero-day exploit in QuickTime revealed
A serious exploit in Apple's QuickTime has been exposed by the "Month of Apple Bugs" project. The exploit affects both Windows and Mac based versions of QuickTime 7.1.3 and earlier. The exploit could potentially allow a hacker to remotely launch what QuickTime thinks is a movie which could then be used to hijack your PC by deleting or encrypting your files for a ransom. Apple doesn't have a patch for this serious exploit yet, so the safest measure to take would be to remove QuickTime from your computer if this proves to be genuine. The project should provide evidence to the public that Macs suffer numerous security flaws and it isn't only Windows based computers.
Workaround or temporary solution
The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage.
techPowerUp!: Zero-day exploit in QuickTime revealed
Month of Apple Bugs (Key Source): Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow
News by Luca Rocchi and Marc Büchel - German Translation by Paul Görnhardt - Italian Translation by Francesco Daghini
Previous article - Next article
comments powered by Disqus
comments powered by Disqus