14 DAY TRIAL // It looks like the game has been taken up a notch, as the QuickTime vulnerability that was first found on Windows and later confirmed in OS X now has a working proof-of-concept exploit. Apple hasn't issued any updates yet, so users will have to get down and dirty and plug the hole themselves.
The bug in QuickTime's handling of the Real Time Streaming Protocol (RTSP) was first discovered on Windows, and it did not take too long for a working exploit to appear. Then the hole in the audio/video-streaming standard was also found in OS X, but there was no working exploit for it, a denial of service attack and a crashed QuickTime being the worst that could happen. Now, after several days, a working OS X exploit has been made.
Symantec warns customers of the release of a Metasploit exploit module which can cause remote code execution. The Metasploit exploit testing framework created by noted security researcher and hacker HD Moore is used by the company as a tripwire of sorts, and they caution that typically rogue exploits soon follow. The exploit can be used against both Intel and PowerPC based Macs, and will work Tiger and Leopard alike. Properly executed, Metasploit can hijack the target machine, so it is nothing to take lightly.
Symantec urged users to disable Apple QuickTime as an RTSP protocol handler and filter outbound traffic over the most common (but not the only available) posts used by RTSP, which include TCP port 554 and UDP ports 6970-6999.
Since it might be a while before Apple comes out with a patch, users who wish to protect themselves from possible exploit can follow these simple steps:
- open System Preferences and choose QuickTime - select the 'Advanced' tab and then click 'MIME settings' at the bottom - expand the Streaming section by clicking the triangle next to it and then uncheck RTSP