Apple QuickTime security bug hits Windows
Security researchers are this morning panning Apple Inc. for a security problem which affects Windows.
Wintercore’s Ruben Santamarta claims Apple has failed to clean up some old code nested within QuickTime which can leave Internet Explorer vulnerable to yet another of the Microsoft browser’s long line of potential attacks.
The exploit is simple to execute: an attacker only has to trick a user into visiting a malicious site hosting the exploit code, a so-called “drive-by” attack.
The attack code works when someone browses with IE on a machine running Windows XP, Vista or Windows 7 that has QuickTime 7.x or the older QuickTime 6.x installed.
Apple patched QuickTime for Windows on August 11 (version 7.6.7). The exploit works because Apple didn’t tidy up QuickTime’s code after developers dropped the “_Marshaled_pUnk” function, something the researcher attributes to human error.
“Although this functionality was removed in newer versions, the parameter is still present,” Santamarta wrote. “Why? I guess someone forgot to clean up the code.”