QuickTime bug poses immediate threat

Posted by Mark Raby

A vulnerability in Apple's QuickTime application is the headliner in a project known as the Month of Apple Bugs (MOAB), aimed at unveiling security holes in the Mac OS X operating system.

The flaw, which also affects Windows users, lies in how QuickTime handles a specific URL. Media streamed from an "rtsp://" address could be used to overflow a stack buffer, according to the MOAB bulletin. The hole offers the possibility of "leading to an exploitable remote arbitrary code execution condition," which means that the user's PC could be seized by a hacker.

There is not yet an actual fix for the flaw, though users can prevent possible attacks by disabling QuickTime's handling of "rtsp://" content.

MOAB is a project with the goal of dispelling the myth that Apple computers are immune to viruses and bugs, and it comes from the same people behind last November's Month of Kernel Bugs project.