Wednesday, September 1, 2010

QuickTime backdoor allows takeover of Windows 7 machines, ancient line of code to blame

Filed under: Security, Windows, AppleA decade-old backdoor in Apple's QuickTime media player allows someone to completely take over or run malicious code on a Windows 7 machine, according to The Register. The weird backdoor is an unused parameter called "
_Marshaled_pUnk," which has been around since 2001, and was originally used to draw contents in the current QuickTime window without opening a new one. The function is gone now, but that line of code was never deleted.

I know there's probably an enormous codebase for QuickTime, but it's pretty crazy to think that Apple hasn't removed it in nearly 10 years of code reviews (there were code reviews, right, Apple?). The Register says that an attack module exploiting this vulnerability is on the way from security open-source community Metasploit. We'll see if Apple issues a fix for
_Marshaled_pUnk, or if Apple and bunch of Windows users get punked first. Yikes!
QuickTime backdoor allows takeover of Windows 7 machines, ancient line of code to blame originally appeared on Download Squad on Mon, 30 Aug 2010 17:00:00 EST. Please see our terms for use of feeds.Read | Permalink | Email this | Comments

ASUSTEK COMPUTER ATandT AUTODESK AUTOMATIC DATA PROCESSING

No comments:

Post a Comment