QuickTime Movies Are Vector for System Hijacks

There are eight security flaws that allow tainted QuickTime movies to lead to sensitive information being stolen.

Tainted QuickTime movies can get a system hijacked or lead to sensitive information being stolen due to eight security vulnerabilities in Apples movie-viewing software.

According to Apple, the first problem is caused by a memory corruption error when processing a malformed H.264 movie. H.264—also known as MPEG-4 Part 10 or AVC (Advanced Video Coding—is a standard for video compression.

If a user were to view a bogus H.264 movie, it could lead to either the application quitting or a targeted system being laid open to arbitrary code execution.

The second vulnerability is caused by a memory corruption error when processing a malformed movie file, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious file, the Cupertino, Calif., company said July 12.

Another QuickTime bug involves the handling of .m4v files and also may lead to unexpected application termination or arbitrary code execution. The problem is an integer overflow vulnerability.

QuickTime also has a problem with handling SMIL (Synchronized Multimedia Integration Language) files that again could lead to system takeover. SMIL is a W3C-recommended XML markup language for describing multimedia presentations. This, too, is an integer overflow issue.

QuickTime for Java is the source of a fifth issue. This problem, which is a design issue, could allow disabling of security checks so that a victim can be lured into visiting a site that serves up a malicious Java applet. After that, an attacker could take over the targeted system.

The sixth issue is also a design error in QuickTime for Java that can be exploited by malicious Java applets to bypass security checks and read and write process memory, leading to arbitrary code execution.

/zimages/5/28571.gifClick here to read more about Java security problems found in QuickTime.

The seventh issue is yet another design error in QuickTime for Java. This one involves certain interfaces being exposed by JDirect, a Java-to-native library. Again, the risk boils down to system takeover, according to Apple.

The eighth vulnerability is also caused by a design error in QuickTime that could be exploited by attackers to capture a clients screen content by tricking a user into visiting a specially crafted Web page.

Apple has issued an update, QuickTime 7.2, to fix all of these security problems. It can be obtained from Apples downloads site or via Apples automatic software update.

For more details, check Apples product security site.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.