-
November 30th, 2007, 02:13 PM
#1
Mac Users BEWARE
To all the funky mac users out there (you know who you are...)
*START SPOOKY MUSIC*
Take hede and pay attention to this warning.....
On last night past a wickedness was discovered in the form of a quicktime exploit. All OSx users should stay away from the Interweb or else suffer the concequences. You have been warned!
*/SPOOKY MUSIC*
http://www.securityfocus.com/bid/21829/discuss
http://www.milw0rm.com/exploits/4673
http://www.milw0rm.com/exploits/4664
http://www.milw0rm.com/exploits/4657
http://www.milw0rm.com/exploits/4651
-
November 30th, 2007, 05:13 PM
#2
Interesting, because it is actually an Apple Quicktime vulnerability rather than an OSX one. It works with Vista and XP as well.
This is a trend that I have noticed over the past 18 months or so: more application rather than OS specific exploits. I guess it gets round the problem of writing cross-platform stuff, which is actually rather difficult.
Another consideration is that if users are pretty bad at keeping their security software and operating systems up to date, they are even worse at updating their applications.
-
December 1st, 2007, 02:09 AM
#3
@wolfman1984
Even if this was a Mac OS bug (which it isn't, as nihil pointed out), it's not like Mac users need to "duck and cover". It's not like Mac OS X has never had vulnerabilities before; it has.
@nihil
I am under the impression that, while it does work on Vista/XP, it doesn't work in IE 6/7. Source: http://it.slashdot.org/article.pl?si...51212&from=rss
- X
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
-
December 1st, 2007, 10:37 AM
#4
Junior Member
You would make a good IT manager, Make up figures and generally have no clue but it sounds good to those who dont know better.
Originally Posted by nihil
Interesting, because it is actually an Apple Quicktime
vulnerability rather than an OSX one. It works with Vista and XP as well.
Wow, userspace exploits who would have thought of such a thing, why are you acting like this is some massive break through, there have been all kinds of vulns found in various media viewers, ranging from windows media player, winamp right down to a fairly wide spread tiff library(it lead to the ability to run homebrew code on the psp, and a heap overflow on the iphone, which is fantastic due to the non executable stack present on the iphone)
Originally Posted by nihil
This is a trend that I have noticed over the past 18 months or so: more application rather than OS specific exploits. I guess it gets round the problem of writing cross-platform stuff, which is actually rather difficult.
Did you just pull this 18 month number out of the air a quick browse of the usual suspects shows no such pattern? User space exploits especially buffer overflows are far more common than your kernel space exploits(who likes having to deal with different architectures let alone all the different memory locations for functions urgh) although you can have all types of fun with mapped memory and the kernel, however given there are far more applications than there are kernels you see far more application based exploits, simple statistics, whats more fun than over writing the return address in your stack on application with setuid(0)? If there has been an increase in anything in the last 18 months it has been sql/xss exploits, with the increasing popularity of ajax driven web pages, and the fact that any kid and his ' key can find sql injects, and php actually promoting poor programming, never before has a sql engine seen so much use of the UNION statement.
Originally Posted by nihil
Another consideration is that if users are pretty bad at keeping their security software and operating systems up to date, they are even worse at updating their applications.
Yes its almost as if someone should write a application to keep track of installed packages and update when necessary, this same system could also update the kernel, and patch any vulns, i should get on it, i cant think of a good name though, emerge? no apt? YUM? how apple apple software update? YAST but that sounds to much like an issue that females would suffer, perhaps i should just write all of them, that will sure start some arguments on the intrablag.
-
December 1st, 2007, 10:59 AM
#5
Junior Member
Originally Posted by xierox
@wolfman1984
Even if this was a Mac OS bug (which it isn't, as nihil pointed out), it's not like Mac users need to "duck and cover". It's not like Mac OS X has never had vulnerabilities before; it has.
@nihil
I am under the impression that, while it does work on Vista/XP, it doesn't work in IE 6/7. Source: http://it.slashdot.org/article.pl?si...51212&from=rss
- X
While every OS has shared in the fun of exploits, this is one of the very few OSX remote code execution vuln's that has been released to the public, 0days are fun, and perhaps one of the first that is vuln straight out of the box, there was the TIFF one mentioned earlier, but that was only allowed to run in the context of the application using the library. So they should duck and cover its pretty serious, while most apple users dont run as admin by default(where as most windows xp users do) its still cause for serious concern.
Now onto your other statment, its amazing how people jump all over IE security yet, here it is with one of its security methods stopping an overflow, when i have some time i plan to sit down with the shell code(reverse shell made easier by the fact they used the meta sploit lib) , but dont discount the shellcode perhaps they didnt find the ret codes for ie6 on xpsp1 it is specific,
-
December 1st, 2007, 02:59 PM
#6
ildjarn, whilst I appreciate that English might not be your primary language:
You would make a good IT manager, Make up figures and generally have no clue but it sounds good to those who dont know better.
At least you appreciate why you will never achieve managerial status in this profession
Wow, userspace exploits who would have thought of such a thing, why are you acting like this is some massive break through,
We are not................. if you read more carefully you would see that the comments were only that this is a more increasing trend.
Did you just pull this 18 month number out of the air a quick browse of the usual suspects shows no such pattern?
No, it is based on my personal observations and long term trend analyses. I do not base my opinions on "quick browses"............... I am way too old and far too experienced for that
Last edited by nihil; December 1st, 2007 at 03:01 PM.
-
December 1st, 2007, 05:29 PM
#7
Junior Member
Originally Posted by nihil
ildjarn, whilst I appreciate that English might not be your primary language:
At least you appreciate why you will never achieve managerial status in this profession
You no nothing of me, yet you seem to speak with authority, just proves that authority is often un deserved.
Originally Posted by nihil
We are not................. if you read more carefully you would see that the comments were only that this is a more increasing trend.
It was careful reading that lead me to this observation.
Originally Posted by nihil
No, it is based on my personal observations and long term trend analyses. I do not base my opinions on "quick browses"............... I am way too old and far too experienced for that
i went through alot of bugtraq to see if i could spot this pattern, but no matter how far i go back, its all the same, alot of userspace vulns and a handful of vulns for any number of kernels, some very bland and no proof of concept was released so cant verify, but having seen some 0days that have come past my desk, it is highly likely that it worked. So im not sure where you are getting these <insert buzz words> from, but the only growth i see is webapp exploits, and everything is remaining fairly normal.
-
December 1st, 2007, 08:25 PM
#8
Hmmm, is a good old fashioned flame war in the offing....
Only trust Pipe-smoking Penguins.
-
December 1st, 2007, 09:50 PM
#9
Whoa Whoa Whoa! Let's all take a chill pill! The Wolfman is no longer fealing the love in this topic.
The intention of this topic was to draw attention to OSx users the 0-day exploit that exists for Quicktime. Yes, I agree, the "sploit" affects Windows users, but let's face it, they live with unpatched vulnerabilities and exploits everyday, so nothing new for them.
Now, ildjarn, my man! You need to take it down a few notches. Nihil has some valid points, as do you. Why the need to come on so strong?
-
December 2nd, 2007, 05:10 AM
#10
Junior Member
Originally Posted by wolfman1984
Whoa Whoa Whoa! Let's all take a chill pill! The Wolfman is no longer fealing the love in this topic.
The intention of this topic was to draw attention to OSx users the 0-day exploit that exists for Quicktime. Yes, I agree, the "sploit" affects Windows users, but let's face it, they live with unpatched vulnerabilities and exploits everyday, so nothing new for them.
Now, ildjarn, my man! You need to take it down a few notches. Nihil has some valid points, as do you. Why the need to come on so strong?
Because he talks like he has some authority on the subject, so people might feel obligated to belive him,yet despite what you said he had no valid points, just trying to stop the perpetuation of false information.
Similar Threads
-
By Egaladeist in forum Security News
Replies: 0
Last Post: October 12th, 2005, 07:53 PM
-
By akachuckie in forum The Security Tutorials Forum
Replies: 8
Last Post: February 24th, 2005, 01:47 AM
-
By JP in forum Site Feedback/Questions/Suggestions
Replies: 23
Last Post: October 20th, 2004, 07:24 PM
-
By moxnix in forum Spyware / Adware
Replies: 7
Last Post: July 8th, 2004, 01:42 PM
-
By -DaRK-RaiDeR- in forum Newbie Security Questions
Replies: 9
Last Post: December 14th, 2002, 08:38 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|