LMH hits again!

Jan 3, 2007 11:07 GMT

Do you remember that January 2007 is the Month of Apple Bugs? I was just about to forget, but it seems LMH did it again, revealing an issue with Apple's QuickTime on the first day of the new year. Well, I don't know when he started looking for problems, but I suppose he had a hell of a party the night between 2006 and 2007... or maybe not, since the exploit is described as being "trivial". Anyway, before getting to the exploit part, let's see what this is all about, shall we?

It seems that a vulnerability was found in the handling of the rtsp:// URL handler, and "By supplying a specially crafted string (rtsp:// [random] + colon + [299 bytes padding + payload]), an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition." As the researchers put it, "Exploitation of this issue is trivial, and stack NX can be rendered useless via ret-to-libc."
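Since the trigger is simply an rtsp:// URL with an oversized string after the colon, a content filter or mail/web gateway can flag such links before QuickTime ever sees them. The scanner below is an added example (not part of the original post or the advisory); the QTL and HTML samples are constructed, and the length threshold is an assumption chosen to sit below the 299 bytes quoted above.

```python
import re

# Assumed threshold: the advisory quotes 299 bytes of padding after the colon,
# so anything beyond a generous legitimate host/path length is treated as suspect.
SUSPICIOUS_TAIL_LEN = 256

# Matches an rtsp:// URL up to whitespace, a quote or an HTML angle bracket.
RTSP_URL = re.compile(r"""rtsp://([^\s"'<>]+)""", re.IGNORECASE)


def find_suspicious_rtsp_urls(content: str, max_len: int = SUSPICIOUS_TAIL_LEN):
    """Return (url, tail_length) for every rtsp:// URL in `content` whose
    portion after the first colon in the authority exceeds `max_len` bytes.
    Works on raw HTML, JavaScript source or QTL (XML) text alike."""
    hits = []
    for match in RTSP_URL.finditer(content):
        authority_and_path = match.group(1)
        _host, colon, tail = authority_and_path.partition(":")
        if colon and len(tail.encode("utf-8")) > max_len:
            hits.append((match.group(0), len(tail.encode("utf-8"))))
    return hits


# Constructed sample: a normal QuickTime media link (QTL) pointing at a
# streaming server with a port and a short path. Should produce no hits.
BENIGN_QTL = (
    '<?xml version="1.0"?>\n'
    '<?quicktime type="application/x-quicktime-media-link"?>\n'
    '<embed src="rtsp://media.example.invalid:554/trailer.mov" autoplay="true" />\n'
)

# Constructed sample: an HTML link whose rtsp:// URL carries an abnormally long
# run of filler after the colon, the shape the advisory describes (no payload).
SUSPECT_HTML = '<a href="rtsp://x:' + "A" * 300 + '">watch</a>'


if __name__ == "__main__":
    for label, doc in (("benign QTL", BENIGN_QTL), ("suspect HTML", SUSPECT_HTML)):
        hits = find_suspicious_rtsp_urls(doc)
        print(f"{label}: {len(hits)} suspicious rtsp:// URL(s)")
        for url, tail_len in hits:
            print(f"  tail length {tail_len}: {url[:40]}...")
```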

LMH and Kevin Finisterre managed to successfully exploit this vulnerability in QuickTime version 7.1.3 and Player version 7.1.3, but previous versions should be vulnerable as well. As I expected, both the Windows and Mac versions are plagued by this problem. Leaving all the technical details aside, what can be done to avoid problems until Apple releases a new security update, or simply a patch for QuickTime?

Unfortunately, the only workarounds would be to disable the rtsp:// URL handler, to stop using QuickTime, or even to stop using your computer until a solution is found. Still, let's just say "Who cares?" and keep living our lives as computer users. Well, that may be a solution for some people, but you'll have to remember one thing - from now on, your computer is a target, until a solution is found!