QuickTime Movie Handling Vulnerability Only Affects Windows Users

August 13, 2010 By The Editor

Severity: Medium

13 August, 2010

Summary:

  • This vulnerability affects: QuickTime 7.6.6 and earlier for Windows (Mac version is unaffected)
  • How an attacker exploits it: By enticing your user into viewing a maliciously crafted movie
  • Impact: An attacker could execute code on your user’s computer, potentially gaining control of it
  • What to do: Download and install QuickTime 7.6.7 for Windows or let Apple’s Software Update tool do it for you at your earliest convenience

Exposure:

Late yesterday, Apple released a security update to fix a single vulnerability in the Windows version of QuickTime, their popular media player. According to Apple, the error logging component in QuickTime suffers from a buffer overflow vulnerability. By luring one of your users into viewing a maliciously crafted movie, an attacker can exploit this buffer overflow to execute code on that user’s computer, with that user’s privileges. Since most Windows users have local administrative privileges, attackers could often leverage this flaw to gain complete control of Windows machines.

Though Apple’s QuickTime update only fixes one security flaw, it is a fairly risky one. If you use QuickTime in your network, we recommend you update it at your earliest convenience.

Solution Path:

Apple has released QuickTime 7.6.7 to fix this security issue. Windows administrators who allow QuickTime in their network should download, test, and deploy the updated version at their earliest convenience. By default, Apple’s download bundles iTunes with QuickTime, but because iTunes often has security issues of its own, we recommend that you select the option of downloading QuickTime alone.

For WatchGuard Users:

You can mitigate the risk of this flaw by blocking .mov files with your WatchGuard appliance. QuickTime is primarily used to play .mov files, which is likely the type of movie file an attacker would leverage to exploit this flaw. You can use the HTTP, SMTP, and FTP proxies on some WatchGuard appliances to block files by their extension. If you want to block QuickTime movie files, the links below contain video instructions showing how to block them by extension (.mov). Keep in mind that this technique also blocks legitimate movies.

  • Firebox X Edge running 10.x
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
  • Firebox X Core and X Peak running Fireware 10.x or Fireware XTM
    • How do I block files with the FTP proxy?
    • How do I block files with the HTTP proxy?
    • How do I block files with the POP3 proxy?
    • How do I block files with the SMTP proxy?
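
An extension rule like the one described above matches on the file name only. The following added example (not part of the original alert and not WatchGuard code) goes one step further and also checks the QuickTime container signature, which is useful when auditing a file share or mail quarantine for QuickTime movies whose names do not end in .mov. The function names and the sample data are assumptions made for illustration, and the content check is a heuristic.

```python
import struct

# Atom types that can open a QuickTime file with no leading 'ftyp' atom.
LEGACY_FIRST_ATOMS = {b"moov", b"mdat", b"wide", b"free", b"skip", b"pnot"}


def is_mov_by_extension(filename: str) -> bool:
    """What an extension rule matches: the file name only."""
    return filename.lower().endswith(".mov")


def is_mov_by_content(data: bytes) -> bool:
    """Heuristic check of the first atom header (4-byte big-endian size, 4-byte type)."""
    if len(data) < 8:
        return False
    size, atom_type = struct.unpack(">I4s", data[:8])
    if size not in (0, 1) and size < 8:  # 0 = to end of file, 1 = 64-bit size follows
        return False
    if atom_type == b"ftyp":
        # The major brand follows the header; QuickTime movies use 'qt  '.
        return data[8:12] == b"qt  "
    return atom_type in LEGACY_FIRST_ATOMS


def scan(files: dict) -> dict:
    """Map each file name to (matched_by_extension, matched_by_content)."""
    return {name: (is_mov_by_extension(name), is_mov_by_content(data))
            for name, data in files.items()}


# Constructed sample headers, not real media files.
SAMPLES = {
    "trailer.mov": struct.pack(">I4s4sI", 20, b"ftyp", b"qt  ", 0) + b"qt  ",
    "holiday.jpg": struct.pack(">I4s", 8, b"wide") + struct.pack(">I4s", 16, b"mdat") + bytes(8),
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "clip.mp4": struct.pack(">I4s4sI", 24, b"ftyp", b"isom", 512) + b"isommp42",
}

if __name__ == "__main__":
    for name, (by_ext, by_content) in scan(SAMPLES).items():
        print(f"{name:12} extension={by_ext!s:5} content={by_content!s:5}")
```

In the constructed samples, holiday.jpg carries a QuickTime header and is matched by content only, while the real JPEG and the MP4 file are matched by neither check.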

Status:

Apple has released an update to fix this issue.

References:

  • Apple’s August QuickTime advisory

This alert was researched and written by Corey Nachreiner, CISSP.

Filed Under: Security Bytes Tagged With: Apple, quicktime