Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article


Mac, Windows QuickTime Flaw Opens 'Month Of Apple Bugs'
Information Week ^ | Jan 2, 2007 03:04 PM | Gregg Keizer

Posted on 01/03/2007 11:04:31 AM PST by newgeezer

The exploit could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs project kicked off Monday by posting a zero-day vulnerability in Apple's QuickTime media player. It also posted an exploit that could be used by attackers to compromise, hijack, or infect computers running either Windows or Mac OS X.

The Month of Apple Bugs (MoAB), which will announce a new security vulnerability in Apple's operating system or other Mac OS X software each day in January, is a follow-on to November's "Month of Kernel Bugs" campaign, and is co-hosted by that project's poster, a hacker who goes by the initials "LMH," and a partner, Kevin Finisterre, a researcher who has posted numerous Mac vulnerabilities and analyses on his own site.

The debut vulnerability is in QuickTime 7's parsing of RTSP (Real Time Streaming Protocol); the protocol is used to transmit streaming audio, video, and 3-D animation over the Web. Users duped into clicking on an overlong rtsp:// link could find their PCs or Macs compromised. It also may be possible to automatically trigger an attack simply by enticing users to a malicious Web site.

"Exploitation of this issue is trivial," said LMH in the vulnerability's write-up on the MoAB Web site. The associated exploit code has been tested on Mac OS X running on Intel-based systems, and works against QuickTime 7.1.3, the current version of the player, LMH and Finisterre said.

Other security researchers rang alarms Tuesday. Danish vulnerability tracker Secunia, for example, pegged the bug as "highly critical," the second-from-the-top threat in its five-step score, and Symantec alerted customers of its DeepSight threat network of the vulnerability.

An Apple spokesman declined to confirm the vulnerability, or, if it was legitimate, when the flaw might be fixed. In an e-mail, he said that "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."

LMH, who didn't immediately reply to several questions sent via e-mail, said on the MoAB site that Apple's Mac OS X operating system was chosen as the target for the month of vulnerabilities because "we like to play with OS X, we enjoy hate e-mail, and it's not as crowded as (random software vendor), yet. Thus, it's really comfortable for research and there's so much to be worked out."

He also said that Apple -- and other vendors whose Mac OS X applications might be the focus of a bug posted during the month's run -- would not be notified in most cases before the information went live, and dismissed that practice. "The point is releasing them without vendor notification. The problem with so-called 'responsible disclosure' is that for some people, it means keeping others on hold for insane amounts of time, even when the fix should be trivial. And the reward (automated responses and euphemism-heavy advisories) doesn't pay off in the end."

LMH, Finisterre, and commercial security vendors recommended that users cripple QuickTime's ability to process rtsp:// links. In Windows, launch QuickTime, select Edit|Preferences|QuickTime Preferences, click the File Types tab, expand Streaming, and clear the box marked "RTSP stream descriptor." In Mac OS X, select System Preferences|QuickTime|Advanced|MIME Settings|Streaming|Streaming Movies and clear the "RTSP stream descriptor" box.

Apple's QuickTime was last in the news during December, when a bug in the player was exploited by fraudsters on MySpace. That vulnerability remains unpatched.

LMH expects to see more QuickTime attacks now that his newest flaw has gone public. He said, "It's a matter of time to see this getting abused in the wild."


KEYWORDS: apple; bugs; moab; security; threadjester
To: rzeznikj at stout
You're the one going nuts because somebody chose to use 3 instead of e in his screen name.

No I simply referred to him as a hacker since he has obvious hacker symbology in his username, which clearly threw you into a tizzy, not me. If you feel you can finally somehow prove it's not possible for him to be a hacker you can keep trying, but trying to lie and claim I'm the one "going nuts" and not you is not working. It's hysterically funny, actually LOL.

461 posted on 01/12/2007 10:43:08 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 456 | View Replies]

To: newgeezer

This can't be true. We all know Apple products never have security issues.

Like that new iPhone...I heard you can backdate your stock trades on it...


462 posted on 01/12/2007 10:44:25 AM PST by BurbankKarl
[ Post Reply | Private Reply | To 1 | View Replies]

To: Golden Eagle
LOL of course you don't, as we've seen you admit to knowingly and purposefully lying for months in defense of thieves, why would we be surprised you don't think "lifting" can be equated to stealing?

It appears you are being intentionally obtuse again, and again taking my words out of their context yet again. "Lifting" DOES equate to "stealing" (or in this case copyright infringement). I put it in quotes because, in the obvious context that you again ignore, I don't think Microsoft "stole" anything.

463 posted on 01/12/2007 10:46:01 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 447 | View Replies]

To: rzeznikj at stout
I searched through the stack and haven't seen anything. Until I do, I'm going to have to presume it ain't there.

You have to find the stack for NT 3.1, as Microsoft replaced the BSD stack as of 4.0.

464 posted on 01/12/2007 10:47:47 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 459 | View Replies]

To: rzeznikj at stout
MS and Spider lifted the stack

More lies. You're willing to give Russian crackers a free pass for illegal activity, then falsely accuse legitimate businesses of crimes. No wonder you want to be a defense attorney when you grow up.

465 posted on 01/12/2007 10:49:02 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 457 | View Replies]

To: Golden Eagle

You're waaaaaaaaay off base here. L33t is much more associated with gaming than hacking. And let's not even get into the hypocrisy of you using LOL, one of the earliest pieces of internet slang on the path to development of l33t.


466 posted on 01/12/2007 10:50:57 AM PST by discostu (Feed her some hungry reggae, she'll love you twice)
[ Post Reply | Private Reply | To 461 | View Replies]

To: Golden Eagle
I'm the one that has repeatedly shown that the technology was bought and paid for,

Actually, that would mean absolutely nothing. Microsoft could have paid Spider $20 million for the stack, but Spider wasn't the author, so it doesn't matter. The Regents of Berkeley holds the copyright, and the terms of its license must be honored. But as I've said before (and contrary to your assertions), I know of no evidence that Microsoft violated the BSD license.

I find that purchase kind of funny though. Microsoft paid for something it could have gotten for free straight from Berkeley.

467 posted on 01/12/2007 10:52:06 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 455 | View Replies]

To: rzeznikj at stout

Wait, change that, I think they replaced the stack in 3.5.


468 posted on 01/12/2007 10:55:55 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 459 | View Replies]

To: antiRepublicrat

OK--btw, do you still have copies of the NT 3.1 boot disks--I have an ISO of a CD I picked up for cheap, but can't run it in VMware or qemu without the blasted boot disks. And my Win98-based general one doesn't work.

I can then check NT 3.1 and see what it says. I didn't see it in NT 3.51, btw.


469 posted on 01/12/2007 10:56:39 AM PST by rzeznikj at stout (Boldly Going Nowhere...)
[ Post Reply | Private Reply | To 464 | View Replies]

To: Golden Eagle

I don't give them a free pass if the activity is explicitly illegal under a solid statute.

These guys' activities were only illegal because of the DMCA, which I might add is constantly being appealed because there is no constitutional basis to support the law (meaning it simply defaults back to being yet another shredding of the First Amendment).

Even so, the DMCA requires you profit from it. These guys didn't make a penny from it.

Thus the argument of "letter of the law" vs. "spirit of the law."


470 posted on 01/12/2007 11:01:06 AM PST by rzeznikj at stout (Boldly Going Nowhere...)
[ Post Reply | Private Reply | To 465 | View Replies]

To: antiRepublicrat
Are you intentionally dense? Where did I even insinuate my test of you was your fault?

Another lie of denial. Several times, including on this thread. You claimed you were justified in knowingly and purposefully lying for months due to "GE's paranoia of Russians", etc. You do like lying "for fun" don't you, just as you've admitted on this thread as well.

471 posted on 01/12/2007 11:06:09 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 460 | View Replies]

To: rzeznikj at stout; Golden Eagle
MS and Spider lifted the stack

Another little law exercise here. If attribution is indeed not there (not proven yet), then it becomes a question of who removed the attribution.

If Microsoft did it, then they are liable for civil damages and criminal punishment (knowingly and for profit, the key ingredients).

If Spider did it, then Spider is liable for civil damages and criminal punishment. But Microsoft would be mostly off the hook. You could not then say Microsoft knowingly infringed, and in that case all criminal bets are off, and civil damages can't be very high (and Microsoft would probably sue Spider to recover them anyway). Microsoft's remedy for future infringement would be simple and relatively inexpensive: stick the attribution back in and then put the new code in the next patch and all future install shipments.

472 posted on 01/12/2007 11:06:30 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 457 | View Replies]

To: rzeznikj at stout
there is no constitutional basis to support the law

I already showed you a federal trial of other Russians who cracked Adobe. Take your claims it was unconstitutional up with the judge.

473 posted on 01/12/2007 11:13:09 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 470 | View Replies]

To: Golden Eagle
Several times, including on this thread.

Link, please, and IN CONTEXT. And remember: justification and fault are two different things. A "reason, fact, circumstance" is the first definition for "justification", while fault in this context deals with responsibility for an action. And I don't remember you holding a gun to my head, forcing me to type it.

BTW, have you finally figured out your context test in #360? Or do you still think I accused you of having sex with goats?

474 posted on 01/12/2007 11:15:39 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 471 | View Replies]

To: antiRepublicrat

Typical, you make endless excuses including lies you admit to perpetrating for months in defense of illegal Russian hacking, but can't wait to accuse an American corporation of theft of a product that is generally given away for free. Just as we'd expect, toss a few lies on top and you'll be done LOL.


475 posted on 01/12/2007 11:19:04 AM PST by Golden Eagle
[ Post Reply | Private Reply | To 472 | View Replies]

To: Golden Eagle
I already showed you a federal trial of other Russians who cracked Adobe.

They were selling the cracking software: "for profit" requirement met.

They admitted they knew about the DMCA: "willful" requirement met.

On second thought, now that you provided the Adobe C&D, you can say that their infringement was willful for the time after the letter (assuming the letter actually got to the hackers, as it was not sent directly to them). However, the article still shows not a hint of them doing it for financial gain. Both are required by law.

The obvious unconstitutionality, stupidity, and downright unfairness to the public of the DMCA is an entirely different matter. I can explain that if you'd like.

476 posted on 01/12/2007 11:23:22 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 473 | View Replies]

To: Golden Eagle; antiRepublicrat

Why don't you two get a room? See that little button marked "mail"? If you guys used that for your mutual flamefest, maybe the rest of us could find the posts pertinent to this thread.


477 posted on 01/12/2007 11:26:55 AM PST by LexBaird (98% satisfaction guaranteed. There's just no pleasing some people.)
[ Post Reply | Private Reply | To 475 | View Replies]

To: Golden Eagle
but can't wait to accuse an American corporation of theft of a product

Show me, with a link, and IN CONTEXT, where I accused either of these corporations of "theft" (actually, copyright infringement) of the BSD TCP/IP stack.

If you can't then admit your libel and retract your statement. I actually want to see "I committed libel against you, and I apologize. I fully retract the statement." And after that, you can apologize for all of your past instances of libel.

BTW, you're lucky that libel is a civil issue, not a criminal one. Earlier though, I could not have prevailed in a libel case against you. Absolutely nobody here believed your drivel, so it would be impossible for me to show damage to my reputation. However, I now have a case since one other FReeper finally believed you.

478 posted on 01/12/2007 11:31:23 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 475 | View Replies]

To: LexBaird; Golden Eagle
Why don't you two get a room?

As is his style, GE destroyed this thread long ago. It's not worth saving anymore. Besides, there are a few of us in this with GE.

479 posted on 01/12/2007 11:34:19 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 477 | View Replies]

To: antiRepublicrat

I just want to know about the Mac bugs: flaws or FUD?

You know ... the subject of the thread?


480 posted on 01/12/2007 11:53:17 AM PST by LexBaird (98% satisfaction guaranteed. There's just no pleasing some people.)
[ Post Reply | Private Reply | To 479 | View Replies]

