And along with flaws in third-party products

May 15, 2007 14:19 GMT  ·  By

We live in a world where all vulnerabilities are exploited equally. And with Microsoft products already classic targets for exploits, attackers are beginning to turn to Apple. It makes no difference whether the flaw resides in Windows, in an Apple product, or in a piece of software built by a third party and running on top of an operating system.

Cupertino-based security company Symantec has made public part of the findings of the DeepSight Threat Analyst Team, which result from the monitoring of honeypot "crawlers." The main role of the crawlers is to navigate the Internet while emulating actual users and various browsers, and to detect client-side exploits hosted on websites.

The Microsoft MDAC RDS.Dataspace ActiveX Control vulnerability, which allows remote code execution when successfully exploited, is already a household target in the threat environment. "With the crawlers, we capture a lot of the run-of-the-mill malicious code using legacy web vulnerabilities," revealed Aaron Adams, Symantec Security Response Engineer.

But alongside Microsoft legacy vulnerabilities, Symantec has also discovered two fresh exploits targeting flaws that have been overlooked so far. A particular phishing attack detected by Symantec is directed at Apple. "A previously unseen exploit targeted the Apple QuickTime RTSP URI Remote Buffer Overflow Vulnerability (BID 21829). This vulnerability was originally disclosed on January 1, 2007 as part of the Month of Apple Bugs. Until now, we were unaware of its exploitation in the wild. The exploit used the ubiquitous heap-spraying technique to easily achieve code execution in a predictable location. Heap-spraying works by using a JavaScript loop to fill up process memory with supplied data, increasing the probability of a predictable memory layout," Adams explained.
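A static heuristic of the kind a crawler could apply to fetched scripts to flag the heap-spraying pattern Adams describes, given here as an added example that is not Symantec's code. The regexes, the 64 KiB cutoff, the two-signal threshold and both sample scripts are assumptions constructed for illustration.

```python
import re

# Three independent indicators of spray-style scripts (all assumed heuristics).
UNICODE_ESCAPES = re.compile(r'unescape\(\s*["\']((?:%u[0-9a-fA-F]{4})+)["\']')
SELF_GROWTH = re.compile(r'\b(\w+)\s*(?:\+=\s*\1\b|=\s*\1\s*\+\s*\1\b)')
LENGTH_BOUND = re.compile(r'\.length\s*<=?\s*(0x[0-9a-fA-F]+|\d+)')
LARGE_LENGTH = 0x10000  # assumed cutoff: a string grown past 64 Ki characters

def _to_int(token):
    """Parse a JavaScript decimal or 0x-prefixed integer literal."""
    return int(token, 16) if token.lower().startswith("0x") else int(token)

def scan_script(source):
    """Return the spray indicators present in one script's source text."""
    findings = []
    if UNICODE_ESCAPES.search(source):
        findings.append("unescape-%u-data")       # binary data built from %u escapes
    if SELF_GROWTH.search(source):
        findings.append("self-doubling-string")   # x += x or x = x + x
    if any(_to_int(m.group(1)) >= LARGE_LENGTH
           for m in LENGTH_BOUND.finditer(source)):
        findings.append("large-length-bound")     # growth loop with a huge target size
    return findings

def is_suspicious(source, min_signals=2):
    """A single indicator is common in benign pages; require several together."""
    return len(scan_script(source)) >= min_signals

# Constructed benign script: uses unescape once, builds a short string in a loop.
BENIGN = '''
var items = ["a", "b", "c"], html = "";
for (var i = 0; i < items.length; i++) html += "<li>" + items[i] + "</li>";
var accent = unescape("%u00e9");
'''

# Constructed spray-shaped script: filler only, no payload and no trigger.
SPRAY_LIKE = '''
var filler = unescape("%u4141%u4141");
while (filler.length < 0x80000) filler += filler;
'''

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("spray-like", SPRAY_LIKE)):
        print(name, scan_script(src), is_suspicious(src))
```

Static matching like this misses obfuscated or dynamically generated scripts, which is why crawlers that emulate a browser also observe behaviour at run time.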

The vulnerability in question has already been patched by Apple, and Symantec stressed that public proof-of-concept exploits were available in the wild before the recent attack was discovered. The Cupertino-based company revealed that exploitation of this vulnerability had not previously been detected.

"This highlights the fact that phishing authors are keeping with the times, and are increasing their chances of successful exploitation by targeting a variety of third-party software, in addition to the more common Internet Explorer vulnerabilities we see being targeted. It also speaks to users not quickly applying application patches when attackers find it worth their while to attack bugs that have been patched for months," Adams revealed.