[Geeks are Sexy] technology news





Tuesday, January 02, 2007

Dangerous Zero-day Mac Exploit Released

Yes folks, the MoAB (Month of Apple Bugs) has officially begun today. The first vulnerability to be disclosed to the public is an extremely dangerous one that uses QuickTime to execute a malicious payload that could wreck your system quite easily. Here are the details:

This is the first of many Apple vulnerabilities that will be exposed this month. This exploit is EXTREMELY dangerous because it can be remotely triggered with a malicious email attachment or a specially crafted webpage that will automatically trigger the QuickTime "movie" which is actually not a movie but a malicious payload. The exploit is in weaponized Metasploit form and there are no patches available. Disabling QuickTime playback in the web browser of choice might be the only temporary work-around at this time. Mac users should also avoid opening QuickTime files they receive in email unless they're sure the file is from someone they trust and it's intended for them.

For those of you who are running Intel-based Macs and who wish to verify if they are vulnerable to this particular exploit or not, here is a test link that will let you know all about it.

Read more



4 Comments:

  • What? that's impossible. Mac is invulnerable to these things aren't they?

    *Sigh* that's it .. the world is coming to an end!!

    *Tongue In Cheek*

    Now if only the Unix people will admit that they are vulnerable too, the world will be right again.

    By Blogger AlRo, at 1:22 PM  

  • What's that supposed to look like? Cause I'm on a powerbook and just get a lot of weird characters, like some weird html.

    is that the exploit?

    By Blogger schildkroeter@web.de, at 2:23 PM  

  • The thing is supposed to display something like "Happy New Year"... the details can be obtained via this link

    By Blogger Kiltak, at 2:37 PM  

  • From the page: "This issue has been successfully exploited in QuickTime™ Version 7.1.3, Player Version 7.1.3. Previous versions should be vulnerable as well"

    By Blogger Kiltak, at 2:39 PM  

Post a Comment

Links to this post:

Create a Link

<< Home