iEntry 10th Anniversary
Technology
Contact UsA security think tank GNUCitizen says it has found a vulnerability in Apple’s QuickTime multimedia player that can be exploited remotely to compromise Windows Vista PCs upgraded to Service Pack 1, as well as XP SP2.
According to details published on the GNUCitizen.org blog, the exploit involves a maliciously crafted media file. When a user opens the file, which can be hosted on a Web site, the vulnerability in QuickTime allows the hacker to take complete control of the machine, according to Petko D. Petkov, known to the hacking community as “pdp.”
“I highly doubt that anyone knows how to exploit this vulnerability,” Petkov said. “I haven’t shared the details with anyone, and the actual vulnerability is different enough to be rather challenging for even some of the most gifted hackers out there.”
Petkov said.
He showed a video in which QuickTime file was shown sitting on the desktop of a PC running XP SP2. If a user opens the malicious file, Petkov then has control of the PC, demonstrated by the way the applications Paint, Calculator and Notepad are seen launching, apparently without further user intervention. The demonstration is repeated on a PC running Windows Vista inside a virtual machine.
Attacking vulnerabilities in applications is becoming increasingly favored by hackers, as finding problems in operating systems becomes increasingly harder, said Alan Paller, director of research for the SANS Institute, last week at the Infosec conference in London.
Petkov said Monday that he has notified Apple of the problem.
0 responses so far
There are no comments yet...Kick things off by filling out the form below.
You must log in to post a comment.