WARNING: QuickTime Bug Poses Immediate Threat

A very serious bug has been discovered in Apple's QuickTime that could affect Windows and Mac users both by opening them up to attacks by malicious Web sites. The QuickTime flaw launches the MOAB - or Month of Apple Bugs, an independent "security" project run by known hackers in an attempt to exploit a new Apple bug each day in the month of January. Other projects by this same group include Month of Kernel Bugs (MOKB) and Month of Browser Bugs (MOBB). The bug itself was originally discovered by "LMH" - a hacker who has not revealed his identity.The flaw affects users who have QuickTime Player version 7.1.3 installed, as well as previous versions. The problem itself is in the way that QuickTime handles URLs that begin with rtsp:// and is being exploited to create a stack-based buffer overflow via HTML, JavaScript or a QTL file, according to LMH.An attack that uses this flaw has the potential to execute malicious code and take over a system. LMH said in his statement, "Exploitation of this issue is trivial," and even supplied a working version of an exploit that hackers could use - increasing the danger that it will be used before a patch is issued.Possible workaround suggestions include uninstalling QuickTime and disabling the rtsp:// handler. Security companies Secunia and FrSIRT have reviewed the flaw and have both agreed that the bug does pose an immediate threat to users. Klixxx will post updates as soon as a patch is delivered for users.

http://www.protect-x.com/