QuickTime Vulnerabilities - Cyber Security Alert TA06-132B

I'm not sure if this is the right forum, but it is a technology vulnerability. Please see message below concerning QuickTime:

National Cyber Alert System

Technical Cyber Security Alert TA06-132B


Apple QuickTime Vulnerabilities

Original release date: May 12, 2006
Last revised: --
Source: US-CERT


Systems Affected

Apple QuickTime on systems running

* Apple Mac OS X
* Microsoft Windows


Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of
these vulnerabilities could allow a remote attacker to execute
arbitrary code or cause a denial-of-service condition.


I. Description

Apple QuickTime 7.1 resolves multiple vulnerabilities in the way
different types of image and media files are handled. An attacker
could exploit these vulnerabilities by convincing a user to access
a specially crafted image or media file with a vulnerable version
of QuickTime. Since QuickTime configures most web browsers to
handle QuickTime media files, an attacker could exploit these
vulnerabilities using a web page.

For more information, please refer to the Vulnerability Notes.


II. Impact

The impacts of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code or commands, and
cause a denial-of-service condition. For further information,
please see the Vulnerability Notes.


III. Solution

Upgrade

Upgrade to QuickTime 7.1. This and other updates for Mac OS X are
available via Apple Update.

Disable QuickTime in your web browser

An attacker may be able to exploit this vulnerability by persuading
a user to access a specially crafted file with a web
browser. Disabling QuickTime in your web browser will defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document.


Appendix A. References

* Vulnerability Notes for QuickTime 7.1 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_7.1>

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

* About the security content of the QuickTime 7.1 Update -
<http://docs.info.apple.com/article.html?artnum=303752>

* Apple QuickTime 7.1 -
<http://www.apple.com/support/downloads/quicktime71.html>

* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>

* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>


____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-132B.html>
 
You will find tons of this for more than just QuickTime, there are currently no exploits in the wild (not that there won't be soon), and Apple has released 7.1 (yesterday) to address these concerns. They were lab discoveries that Apple was alerted to and patched before it could be a problem. This is a good time to reiterate that keeping your systems updated is very important. Macintosh, Windows or *nix...along with all of your software. It's annoying, but necessary.
 
Many MAC users boast about there not being any vulnerabilities or virus or WORMS, which affect their machines. However, I have been getting more and more alerts concerning MAC. Linux is starting to get more and more too.

Whatever you do, ensure you are protected by virus protection software, at least. There's also spyware and adware you need to worry about too.
 
I'm a Mac user (MAC is machine address code, you should know that ;) ). I'm also a network admin. I've fought off worm infestations in mac based companies before, not fun...I wrote a retro virus during the Hong Kong Virus outbreak in the late 90's. I worked at a newspaper at the time and that one attacked image files. We didn't lose any images or any working days.

It got spread when Apple bowed to the whining of some of their users who wanted a feature added to the system that all their windows friends had...the ability to have a CD automatically start an application when you put it in (DUH!). It took a week for someone to exploit that and make it around the world...billions of dollars were lost in the print industry from that bad boy.

With gaining market share and Apple's boasting, Virii writers will begin to target the platform more as a badge of honor, but there will still be more and nastier virii for Windows simply based on market share. The writers of the virii that make it out into the wild want the biggest bang for their buck, that means the market leading OS.

I do boast...not about being invulnerable, but about my computer not having been infected with anything in over 10 years with no virus protection. I do practice safe computing though; not opening/reading junk/suspicious e-mail, only downloading internet software from reputable sources that scan their content as a matter of course, home network behind a VERY restrictive firewall. I also monitor intrusion attempts on my network.

I do, however, understand the risks of having no virus protection on my computer as well...but as of now, there is no adware/spyware on my computer...I'm not sure that there is that much out there for the Mac as of this posting and no virii...except possibly a couple of the mutated "Happy Panther" Microsoft VBScript guys hanging around (Office for Mac starts to run the infection code then stops when it hits the payload which tries to access the registry - which neuters the worm leaving it to redistribute itself with no payload).

I've had limited success with the OSX offerings of the commercial software and went to the open-source ClamXAV as a scanner, running it once a month currently finds no infections. My intrusion detection scans for SSH traffic (the only port I've got open that is generally usable by intrusion zombies)...I've attached it to this post, it's a shell script that will run under MacOSX10.4. It should run under various other *nixes. I've got 2 other versions of this, one which attacks the systems that attack it (given an attempt to success ratio that suggests an attack) and the other automatically e-mails the admins of the IPs in question...I'm still working on that one.

Code:
#!/bin/sh
# Per-source-IP summary of inbound SSH activity from the system log.
# Init  = connections started (START lines)
# Probe = connections dropped before sending an SSH identification string
# User  = attempts with an unknown user name, Pass = failed passwords
# Good  = accepted logins

echo =====================================================================================
printf "%-16s: %15s - %-15s %8s %6s %5s %5s %5s\n" "IP Address" "Starting" "Ending" "Init" "Probe" "User" "Pass" "Good"
echo =====================================================================================

# Current log.
for ip in `grep START /var/log/system.log | cut -d= -f3 | sort -u`
do
    # -F matches the address literally and -w as a whole word, so that
    # 10.0.0.1 does not also count lines for 10.0.0.10.
    beg=`grep -Fw -- "$ip" /var/log/system.log | grep START | head -n 1 | cut -b -15 | expand -1`
    end=`grep -Fw -- "$ip" /var/log/system.log | grep START | tail -n 1 | cut -b -15 | expand -1`
    start=`grep -Fw -- "$ip" /var/log/system.log | grep -c START`
    probe=`grep -Fw -- "$ip" /var/log/system.log | grep -c "Did not receive identification"`
    user=`grep -Fw -- "$ip" /var/log/system.log | grep -c Illegal`
    pass=`grep -Fw -- "$ip" /var/log/system.log | grep -c Failed`
    good=`grep -Fw -- "$ip" /var/log/system.log | grep -c Accept`
    # $beg and $end stay unquoted: each splits into month, day and time.
    printf "%-16s: %3s %2s %8s - %3s %2s %8s %8s %6s %5s %5s %5s\n" $ip $beg $end $start $probe $user $pass $good
done

echo =====================================================================================

# Rotated, compressed logs.
for ip in `gunzip -c /var/log/system.log.* | grep START | cut -d= -f3 | sort -u`
do
    beg=`gunzip -c /var/log/system.log.* | grep -Fw -- "$ip" | grep START | head -n 1 | cut -b -15 | expand -1`
    end=`gunzip -c /var/log/system.log.* | grep -Fw -- "$ip" | grep START | tail -n 1 | cut -b -15 | expand -1`
    start=`gunzip -c /var/log/system.log.* | grep -Fw -- "$ip" | grep -c START`
    probe=`gunzip -c /var/log/system.log.* | grep -Fw -- "$ip" | grep -c "Did not receive identification"`
    user=`gunzip -c /var/log/system.log.* | grep -Fw -- "$ip" | grep -c Illegal`
    pass=`gunzip -c /var/log/system.log.* | grep -Fw -- "$ip" | grep -c Failed`
    good=`gunzip -c /var/log/system.log.* | grep -Fw -- "$ip" | grep -c Accept`
    printf "%-16s: %3s %2s %8s - %3s %2s %8s %8s %6s %5s %5s %5s\n" $ip $beg $end $start $probe $user $pass $good
done
echo =====================================================================================
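
An added example, not part of the original post or the poster's script: the same five log patterns counted in a single awk pass, keyed on the exact source address, with a report-only flag based on the failed-to-accepted ratio the post mentions. The log lines (documentation addresses), the `MIN_FAIL` and `RATIO` thresholds and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: one-pass per-IP SSH summary with a failure/success flag.
MIN_FAIL=3   # assumed threshold: fewer failures than this are never flagged
RATIO=10     # assumed threshold: flag when failures exceed RATIO x accepted logins

ssh_summary() {   # reads syslog lines on stdin; prints: ip init probe user pass good verdict
    awk -v min="$MIN_FAIL" -v ratio="$RATIO" '
    # Source address = text after the LAST "from"/"from=" on the line; the
    # user name earlier in the line is remote-supplied and must not be trusted.
    function src(   i) {
        for (i = NF; i >= 1; i--) {
            if ($i ~ /^from=/) return substr($i, 6)
            if ($i == "from" && i < NF) return $(i + 1)
        }
        return ""
    }
    { ip = src(); if (ip == "") next; seen[ip] = 1 }
    /START/                          { init[ip]++ }
    /Did not receive identification/ { probe[ip]++ }
    /Illegal/                        { user[ip]++ }
    /Failed/                         { pass[ip]++ }
    /Accept/                         { good[ip]++ }
    END {
        for (ip in seen) {
            fail = user[ip] + pass[ip]
            verdict = (fail >= min && fail > ratio * good[ip]) ? "SUSPECT" : "ok"
            printf "%s %d %d %d %d %d %s\n", ip, init[ip], probe[ip],
                   user[ip], pass[ip], good[ip], verdict
        }
    }' | sort
}

sample_log() {   # constructed lines using documentation addresses
    cat <<'EOF'
May 12 10:00:01 host xinetd[81]: START: ssh pid=900 from=203.0.113.5
May 12 10:00:02 host sshd[900]: Did not receive identification string from 203.0.113.5
May 12 10:00:05 host xinetd[81]: START: ssh pid=901 from=203.0.113.5
May 12 10:00:06 host sshd[901]: Illegal user admin from 203.0.113.5
May 12 10:00:07 host sshd[901]: Failed password for illegal user admin from 203.0.113.5 port 4101 ssh2
May 12 10:00:09 host sshd[901]: Failed password for root from 203.0.113.5 port 4101 ssh2
May 12 10:01:00 host xinetd[81]: START: ssh pid=902 from=203.0.113.50
May 12 10:01:01 host sshd[902]: Did not receive identification string from 203.0.113.50
May 12 10:02:00 host xinetd[81]: START: ssh pid=903 from=192.0.2.10
May 12 10:02:03 host sshd[903]: Failed password for bob from 192.0.2.10 port 5000 ssh2
May 12 10:02:09 host sshd[903]: Accepted password for bob from 192.0.2.10 port 5000 ssh2
EOF
}
sample_log | ssh_summary
```

Because counts are keyed on the parsed address rather than a substring match, 203.0.113.5 and 203.0.113.50 are tallied separately; to run it on a real log, pipe the file into `ssh_summary` in place of `sample_log`.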
 
It's true about MAC and Mac... however PC and Mac don't seem right in the same line, so I've gotten used to using PC and MAC, but now I'm working towards my CCNA and the MAC is a sub-layer of the DLL in the OSI model. With that said, MAC still means the same, but MAC shouldn't be used to represent a Mac.
 