Wednesday, December 5, 2007

PC + Mac QuickTime Flaw

Symantec warns that both Windows and Mac systems may be vulnerable to exploits of an unpatched QuickTime flaw



Windows and Mac Share QuickTime Flaw

Last Sunday, Symantec warned in a DeepSight Threat Management System alert that attackers are trying to exploit an unpatched vulnerability in Apple's QuickTime software that could let them run code on a victim's computer.

Attackers appear to be targeting Windows users, but Mac OS users could be at risk as well, as the QuickTime vulnerability in question affects both operating systems. The vulnerability, called the Apple QuickTime RTSP Response Header Stack-Based Buffer Overflow Vulnerability, was first revealed on November 23 and remains unpatched by Apple.

Windows XP and Windows Vista running Internet Explorer, Firefox, Opera, and Safari are affected by this vulnerability, as well as Apple's own Mac OS X 10.4 and 10.5.

Symantec said that there are two types of attacks underway. One involves redirecting the victim's computer from an adult web site, Ourvoyeur.net, to another web site that infects the computer with an application called loader.exe. It can be saved to the victim's computer as metasploit.exe, asasa.exe, or syst.exe. Once installed on a computer, this application downloads another binary file, which Symantec identified as Hacktool.Rootkit, a set of tools that can be used to break into a system. It's possible that Ourvoyeur.net was compromised as part of the attack.

The second method of attack also involves redirection; however, Symantec is still investigating it to determine what, if any, malicious code is involved.

To protect systems from attack, Symantec recommended blocking access to affected sites. "Filter outgoing access to 85.255.117.212, 85.255.117.213, 216.255.183.59, 69.50.190.135, 58.65.238.116, and 208.113.154.34. Additionally 2005-search.com, 1800-search.com, search-biz.org, and ourvoyeur.net should be filtered," it said, adding that IT managers can also block outgoing TCP access to port 554.

Alternatively, IT managers could take more drastic steps. "As a last measure, QuickTime should be uninstalled until patches are available," the alert said.
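
One way to check that the outgoing filtering Symantec recommends is actually holding, as an added example (not from Symantec or the original post): a Python script that scans egress log lines for the listed addresses, the listed domains and their subdomains, and outbound TCP port 554. The log format, function names and sample lines are constructed assumptions.

```python
import ipaddress

# Indicators copied from the Symantec alert quoted above.
BLOCKED_IPS = {ipaddress.ip_address(a) for a in (
    "85.255.117.212", "85.255.117.213", "216.255.183.59",
    "69.50.190.135", "58.65.238.116", "208.113.154.34")}
BLOCKED_DOMAINS = ("2005-search.com", "1800-search.com",
                   "search-biz.org", "ourvoyeur.net")
RTSP_PORT = 554  # outgoing TCP port the alert suggests blocking


def host_is_blocked(host):
    """True for a listed domain or any subdomain of one (not look-alikes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def check_line(line):
    """Reasons a log line breaks the policy. Assumed (hypothetical) format:
    'src_ip dst_ip dst_port proto host', with '-' for no recorded host."""
    src, dst, port, proto, host = line.split()
    reasons = []
    if ipaddress.ip_address(dst) in BLOCKED_IPS:
        reasons.append("listed address")
    if host != "-" and host_is_blocked(host):
        reasons.append("listed domain")
    if proto.lower() == "tcp" and int(port) == RTSP_PORT:
        reasons.append("outbound tcp/554")
    return reasons


def scan(lines):
    """Map each offending source IP to the sorted reasons it was flagged."""
    hits = {}
    for line in filter(str.strip, lines):
        reasons = check_line(line)
        if reasons:
            hits.setdefault(line.split()[0], set()).update(reasons)
    return {src: sorted(r) for src, r in hits.items()}


# Constructed sample log; source addresses and unlisted hosts are made up.
SAMPLE_LOG = """\
10.0.0.5 85.255.117.212 80 tcp -
10.0.0.6 192.0.2.10 80 tcp www.ourvoyeur.net
10.0.0.7 192.0.2.20 554 tcp media.example.com
10.0.0.8 192.0.2.30 80 tcp notourvoyeur.net
10.0.0.9 192.0.2.40 554 udp -
""".splitlines()
print(scan(SAMPLE_LOG))
```

Any source address the scan reports reached a destination the filter should have stopped, so it points either to a gap in the egress rules or to a host worth examining.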
