Apple QuickTime security bug hits Windows
Security researchers are this morning panning Apple Inc. for a security problem which affects Windows.
Wintercore’s Ruben Santamarta claims Apple has failed to clean up some old code nested within QuickTime which can leave Internet Explorer vulnerable to yet another of the Microsoft browser’s long line of potential attacks.
The exploit is simple to execute: an attacker only has to trick a user into visiting a malicious site hosting the exploit code, a so-called “drive-by” attack.
The attack code works when someone browses with IE on a machine running Windows XP, Vista or Windows 7 that has QuickTime 7.x or the older QuickTime 6.x installed.
Apple patched QuickTime for Windows on August 11 (version 7.6.7).
The exploit works because Apple didn’t tidy up QuickTime’s code after developers dropped the “_Marshaled_pUnk” function, something the researcher attributes to human error.
“Although this functionality was removed in newer versions, the parameter is still present,” Santamarta wrote. “Why? I guess someone forgot to clean up the code.”