Security researchers have identified a fresh vulnerability in QuickTime for Windows, which they claim can allow hackers to take control of infected machines.
Mac users aren’t affected by the flaw, which affects Windows Vista and XP. Details of the exploit are available on the GNUCitizen blog, which describes the problem but not in sufficient detail for malicious users to begin to deploy exploits for this flaw.
[youtube http://www.youtube.com/watch?v=fZd9ChU3XAY&hl=en]
In essence it’s the increasingly commonplace tactic of creating a maliciously crafted QuickTime file and hosting it on a website. When a site visitor launches the file, the vulnerability allows a hacker to take complete control of the computer, even enabling them to launch applications. The flaw can also be spread via including the file within emails, or just by opening an infected file on a target desktop.
“The vulnerability is currently held private. The GNUCitizen team is following responsible disclosure practices. Therefore, the vulnerability details will be privately disclosed to the vendor in a short period of time. This advisory is meant to inform the public and raise the consumer’s awareness,” the researchers explained.
The researchers have published a video demonstrating the flaw in action, and Apple has been informed of the problem.
FTC: We use income earning auto affiliate links. More.
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel
Comments