Published in News

Apple Quicktime vulnerability exploited

by on04 December 2007


But software still unpatched

have worked out a way of exploiting a hole in Apple's Quicktime and are using it to install trojans, according to security company, Symantec. According to Symantec's Security Response Weblog, the company has seen an active exploit for the vulnerability in Apple's media-streaming program.

The exploit was found on a compromised porn site that redirects users to a site hosting a trojan called "Downloader" which downloads more malware. Although Symantec rates Downloader as "very low" risk, no patch is currently available for the vulnerability, which affects version 7.x.

Symantec is advising users to disable Apple QuickTime as a registered RTSP protocol handler, and filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.
Last modified on 05 December 2007
Rate this item
(0 votes)