inicio mail me! sindicaci;ón

The apple QuickTime loophole code exposes XP/Vista to save the risk

December 2, 2007 at 11:54 am · Filed under software

The safe researcher police said that that, apple QuickTime mediabroadcast software has a repair the security loophole. Attacked thissecurity loophole the code already to publicize. Therefore, veryquickly will appear to moves the attack which Windows XP and the Vistacomputer will implement.

Cuts off Sunday (on November 25), but also had not heard Mac OS Xedition this kind of media broadcast software whether also does havethis security loophole.

According to the match gate iron gram the police which issued with theAmerican computer emergency response group said that that, QuickTime7.2 and 7.3 (also possibly includes early edition) the center thisserious security loophole to have processes the solid fashionagreement to this player software (RTSP) in the process. The aggressorcan use the class content which this security loophole deceit uservisit evil intention or is entrusted with specially manufactures thewebsite which breaks through, or convinces the user to open in theemail appendix the QTL document.

Match gate iron gram name Poland researcher Krystian Kloskowski isdiscovers this zero date attack security loophole in the Friday firstreport in the milw0rm.com website. Saturday, Kloskowski has issued theattack code. Another net named “InTeL” the researcher has issuedanother some concept proof samples. These attack codes can in moveQuickTime 7.2 or 7.3 Windows XP SP2 and Windows on the Vista computermove.

Successfully uses this security loophole to be able password systeminformation and so on to let aggressor safe extra evil intentionsoftware or to steal. If the attack defeat, this attack only can causethe QuickTime collapse.

InTeL stated that, an apple development personnel’s mistake lets theaggressor be able easily to implement the attack to the Vista system.He said that, the QuickTimePlayer binary code has not opened ALSR(address space layout randomisation) the function. ALSR is a Vistasecurity function, may stochastically to the memory allocation dataand the application procedure module, if exe and dll document, thuscauses the aggressor to be very difficult to determine the importantfunction and has the loophole the code position.

Match gate iron gram analyst Anthony Roe stated that, apple thisnegligence causes to use this security loophole to be easier

Bookmark:Digg Del.icio.us Reddit

Leave a Comment