Zero-Day Exploit for Apple QuickTime Vulnerability
Presentation:

Proof of concept exploit code for a newly discovered vulnerability in Apple's QuickTime player has been made available to the public today. The vulnerability, "Apple QuickTime RTSP Response Header Content-Length Remote Buffer Overflow Vulnerability", was first reported on November 23rd by Polish security researcher Krystian Kloskowski.

The publicly released exploit works successfully when tested with the latest stand-alone QuickTime player application, version 7.3. It does not seem to execute any shellcode when tested with the QuickTime browser plugin, even though the browser crashes due to the buffer overflow.

At the moment we believe the most likely attack scenarios to appear using this vulnerability could be:

1. Email based attacks.
2. Web browser based attacks.

In the email attack scenario the user receives a malicious email with an attachment containing a file with some extension associated by default to QuickTime Player (e.g. .mov, .qt, .qtl, .gsm, .3gp, etc.). The attachment is not actually a media file, but instead it is an XML file which will force the player to open an RTSP connection on port 554 to the malicious server hosting the exploit. When the QuickTime Player contacts the remote server, it receives back the malformed RTSP response which triggers the buffer overflow and the execution of the attacker's shellcode immediately. This attack requires users to double-click on the QuickTime multimedia attachment to run. It is worth bearing in mind that this attack may also work with other common media formats such as mpeg, .avi, and other MIME types that are associated with the QuickTime player.

In the Web browser attack scenario, the attack will most likely start with a hyperlinked URL sent to the user. When the user clicks on the URL, the browser loads a page that has a QuickTime streaming object embedded in it. The object initiates the RTSP connection to the malicious server on port 554 and exploit code is sent in response.
We have tested the behavior of the current exploit against some of the common Web browsers. We have seen that with Internet Explorer 6, 7 and Safari 3 Beta the attack is prevented. The browser in this case loads the QuickTime Player as an internal plugin and when the overflow occurs, it triggers some standard buffer overflow protection that shuts down the affected processes before any damage can be done. Attackers may attempt to refine the exploit in the coming days in order to overcome this initial hiccup and work to create a reliable exploit that works on Internet Explorer.

Firefox users are more susceptible to this attack because Firefox farms off the request directly to the QuickTime Player as a separate process outside of its control. As a result, the current version of the exploit works perfectly against Firefox if users have chosen QuickTime as the default player for multimedia formats.

At this time there is no patch available to resolve this issue, so to reduce the risk against this threat users are advised to restrict outbound connections on TCP 554 using their firewalls and to avoid following links to untrusted Web sites.
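A mail-gateway style check for the email scenario described above, as an added example that is not part of the original article: it flags attachments that carry a QuickTime-associated extension but whose content is XML referencing an rtsp:// server. The function names, the sample file contents and the host media.example.invalid are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Extensions the article lists as QuickTime-associated; extend to match local file associations.
MEDIA_EXTENSIONS = {".mov", ".qt", ".qtl", ".gsm", ".3gp"}
RTSP_URL = re.compile(r"rtsp://[^\s\"'<>]+", re.IGNORECASE)

def decode_if_xml(data):
    """Return the decoded text if the content is XML-like, else None (binary media)."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):        # UTF-16 byte-order mark
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("utf-8-sig", errors="replace")   # also drops a UTF-8 BOM
    return text if text.lstrip().startswith("<") else None

def rtsp_targets(text):
    """List (host, port) for every rtsp:// URL; the port defaults to 554."""
    targets = []
    for url in RTSP_URL.findall(text):
        try:
            parts = urlsplit(url)
            host, port = parts.hostname, parts.port or 554
        except ValueError:                                  # malformed authority or port
            host, port = None, None
        targets.append((host, port))
    return targets

def inspect_attachment(filename, data):
    """Flag a media-named attachment whose body is XML pointing at an RTSP server."""
    is_media_name = PurePosixPath(filename.lower()).suffix in MEDIA_EXTENSIONS
    text = decode_if_xml(data)
    targets = rtsp_targets(text) if text is not None else []
    return {
        "media_extension": is_media_name,
        "xml_content": text is not None,
        "rtsp_targets": targets,
        "suspicious": is_media_name and bool(targets),
    }

# Constructed samples: an XML pointer file with a placeholder host, and the first bytes of a binary movie container.
SAMPLE_LURE = b'<?xml version="1.0"?>\n<embed src="rtsp://media.example.invalid/clip.mov" />\n'
SAMPLE_MOVIE = b"\x00\x00\x00\x14ftypqt  \x00\x00\x00\x00qt  \x00\x00\x00\x08wide"

if __name__ == "__main__":
    print(inspect_attachment("holiday.mov", SAMPLE_LURE))
    print(inspect_attachment("holiday.mov", SAMPLE_MOVIE))
```

Legitimate streaming pointer files match the same pattern, so the result is a triage signal to hold or review the attachment, and the extracted host and port can be checked against the outbound TCP 554 firewall policy.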