Apple Ignored Critical QuickTime Exploit

By admin | Sep 14, 2007

It seems that security in this age is very hard to keep up with. There are endless exploits for people to abuse. Maybe someday we will have proactive measures for this type of thing. In the meantime, it’s always a good thing when a software vendor owns up and corrects a problem with their software. Ignoring the problem - baaaaaaad. It seems that Petko D. Petkov, a professional penetration tester, found two very critical issues with QuickTime last year. Apple addressed the first one and then went on to ignore the second one. That leaves Firefox vulnerable to a nasty little exploit via QuickTime.


This exploit will only work under certain conditions, but it’s still an issue. Petkov says, “Before we move on, I have to say a few things. Last year I disclosed two highly critical QuickTime vulnerabilities here and here. The first vulnerability was fixed but the second one was completely ignored. I tried to bring the spotlight on the second vulnerability one more time over here, yet nobody listened. So, I decided to post a demonstration of how a Low risk issue can be turned into a very easy to perform HIGH risk attack.” And so he did. Petkov explains, “In practice I can do anything with the browser, like installing browser backdoors, and the operating system if the victim is running with administrative privileges. However, just for the sake of this demonstration, I simply open calc.exe. Keep in mind that the exploit is cross-platformed.”

You can see a demo of the exploit here.




© 2007 PaulTech Network, - Daily Blog Tips Themes