QuickTime bug threatens XP, Vista

The hacked code of a deadly security bug that has not been fixed in Apple's QuickTime application has recently been released online.

Mr. Krystian Kloskowski - a reputable security expert of Symantec - is the one who discovered this QuicTime error and officially released it last week. Just one day after announcing the error, Kloskowski and another researcher published a bug exploit code.

The above exploit code is authenticated to be able to attack QuickTime version 7.2 and 7.3 running on Windows XP SP2 or Windows Vista platform. The error stems from the method of processing Real Time Streaming Protocol (RTSP) - the procedure to link the streaming audio / video streaming audio / video file.

On November 26, security vendor Symantec confirmed that the QuickTime version for Mac OS X has the same error. The exploit code announced by Kloskowski is also available for QuickTime attack on Mac OS.

Symantec said hackers can attack users by tricking them into accessing a malicious website that stores audio / video streaming files "transplanted" exploit codes or tricking them to click to open an attached QTL file. by email.

If successfully exploiting this security error, hackers will be able to "cram" more malicious code onto the system that makes a mistake and steal a lot of personal information of the user. If not successful, hackers will also hang QuickTime always.

The security expert collaborated with Kloskowski to say that the version of QuickTime running on Vista is more vulnerable to attacks on Windows XP. The reason is because QuickTimePlayer does not integrate the mechanism of Address Space Layout Randomization (ASLR) operating memory level like Vista.

Three weeks ago Apple also released an update to fix a series of bugs in QuickTime 7.3 version related to image processing and Java features. Generally, since the beginning of the year, Apple has had to fix a total of 31 QuickTime security errors.

Hoang Dung