Zero-day exploit for QuickTime in the wild

By on September 18, 2008, 4:01 PM
It didn't take long for an exploit to emerge in QuickTime version 7.5.5. Merely a week after Apple updated the media player to plug nine security bugs, a proof-of-concept exploit for a zero-day vulnerability has been posted, which can be used to crash iTunes, a web browser, or any other program that uses the QuickTime plug-in.

The exploit, which was published on the milw0rm.com site earlier this week, takes advantage of a flaw in QuickTime that causes a crash when an unusually long parameter is passed along with a movie file. While not actually demonstrated, it is also claimed that remote code execution may be possible "with no user interaction, other than an attempt to view a file."

At the moment, there is no recommended workaround or patch available for the code exploit, so users are (as always) encouraged to safely browse the web and avoid opening QuickTime files from unknown sources.
