‘Critical’ Apple security hole
p2pnet.net News:- A new “highly critical,” and as yet unpatched, Apple QuickTime security hole could open not only Macs but also Windows PCs to hack attacks, say media reports.
The Month of the Apple Bugs project promises to feature a new Apple software bug each day in January. It started with details of the QuickTime 7.1.3 bug, which “relates to how the media player software handles the Real Time Streaming Protocol, or RTSP, according to an advisory published on the Month of the Apple Bugs site,” says CNET News.
“An attacker could create a special RTSP string in a rigged QuickTime file that would cause a buffer overflow, according to the advisory,” the story says, and it quotes LMH, the alias of one of the two security researchers behind the Month of the Apple Bugs, as saying, “The risk is having your system compromised by a remote attacker, who can perform any operation under privileges of your user account.”
“It can be triggered via JavaScript, Flash, common links, QTL files and any other method that starts QuickTime.”
The effort, with LMH and Kevin Finisterre behind it, kicked off on Monday, and the QuickTime hole was rated “critical” by the French Security Incident Response Team, or FrSIRT, and “highly critical” by Secunia, says InfoWorld.
“In response to the publication of the QuickTime flaw, Apple spokesman Anuj Nayar said the company always welcomes feedback on how to improve security on the Mac, a standard company statement,” says the story. “Nayar did not comment on the specifics of the flaw or provide any indication of when Apple may deliver a patch.”
Back in December, “I hate to be the one to bring down fire and brimstone from Apple users upon my head, but I must venture under the torrid sky for a few moments,” posted Ryan Carter on DownloadSquad, going on:
Through some carefully placed corporate propaganda in no small number of places, Apple has tried (rather successfully) to convince its users that Mac OS is impervious and invincible, while the company we love to hate (Microsoft) continues to wallow in its own filth and bug-infested software. Apple has been painting a very pretty picture of late, but their rose-colored glasses may start to turn a shade of orangish-pink come 2007. In January, two security researchers plan to reveal a bug in OS X or in an OS X application every day of the month that has previously been undocumented. Now, before you all put on the spandex suits and burn this blog down with your flame-throwers, this is honestly a good thing for Apple and Mac users lovers everywhere. My tiny little point here is that Macs are NOT perfect, and that Apple is over-selling the idea just a bit too much.
Also See:
CNET News – QuickTime zero-day bug threatens Macs, PCs, January 2, 2007
InfoWorld – Windows also target in month of Apple Bugs, January 2, 2007
DownloadSquad – January 2007: Month of Apple Bugs, December 22, 2006

January 4th, 2007 at 11:21 am
I wish this didn’t need to be news – Apple shouldn’t decry its product as unassailable and Microsoft should switch to software practices that are realistically maintainable. Linux isn’t one entity that can be pigeonholed, though it isn’t perfect either.
Does anyone at all hold out hope for the day when botnets are a historical relic?