QuickTime needs a quick fix...

What does "with little user interaction" mean? To me it seems as if you would have to authorize it for the code to work.
 
Security flaw discovered in QuickTime installation
[PC Pro] 10:53

Security firm eEye has discovered a flaw in the default installation of QuickTime.

The company notified Apple 14 days ago and its practice is not to reveal details of the flaw until it has been fixed, confining itself to the following description: 'A vulnerability in default installations of the affected software that allows malicious code to be executed with little user interaction.'

Further information is available in eEye Upcoming Advisory EEYEB-20040218. http://www.eeye.com/html/Research/Upcoming/20040218.html

It is interesting to compare this single discovery to the list of outstanding flaws in Microsoft software. http://www.eeye.com/html/Research/Upcoming/index.html

Simon Aughton

http://www.macuser.co.uk

eric
 
Jeez, it would be nice if they would tell us how to fix it at least. I suppose it might be that that would basically give away how to exploit it as well...
 
Still an unspecified vulnerability at this stage. Notice that it allegedly affects all platforms supported by QuickTime: MacOS, MacOSX, Windows and Unix.
I'm not too sure what the phrase "Little user interaction" really means, though.
 
Maybe all you've got to do is launch the damn thing!

Problem is for Mac users, QuickTime is embedded into the system.

So it begs the question: does this leave us with a big back door into our systems?..
 
octane said:
Maybe all you've got to do is launch the damn thing!

Problem is for Mac users, QuickTime is embedded into the system.

So it begs the question: does this leave us with a big back door into our systems?..
Your kick almost went through, but you are wide to the right. QuickTime is not embedded into the System, it is a part of the System. That being the case, it is always on, not only when you are watching your pirated copy of your favorite Tera Patrick video. That being the case, "minimal user interaction" is something other than "launching" QuickTime.
 
Well if QuickTime [the component, not the player] isn't embedded, first try taking it out -- assuming the system will let you.

Assuming even further you have managed to pull it out, try running any application and see what you get?

If that's not embedded, then I don't know what is.

But yes, 'always on' is what I meant to say...
 
I never thought I'd see a sentence with Tera Patrick and "minimal user interaction" and embedded in the same sentence. :D :D :D
 
octane said:
Well if QuickTime [the component, not the player] isn't embedded, first try taking it out -- assuming the system will let you.

Assuming even further you have managed to pull it out, try running any application and see what you get?

If that's not embedded, then I don't know what is.

But yes, 'always on' is what I meant to say...
The term "embedded" implies a non-essential element that has been integrated into the system. QuickTime is no more embedded in the MacOS X/MacOS than a spouse is embedded in a marriage. Take away the former, you don't have the latter.
 
By little user interaction, read: user rights are ignored or elevated. In simpler terms, it's an exploit that has the potential of side-stepping typical user rights and permissions.

And in this case, they are being careful to not explain the exploit explicitly, other than to Apple. They do this type of stuff all of the time. This is just one of the few times that an exploit - other than the Admin rights/CD boot in 10.1 - that MacOSX was affected for the most part.
 