Month of Apple Bugs: QuickTime ‘rtsp://’ URL Handler Stack-Based Buffer Overflow

The first Month of Apple Bugs exploit is out, and it’s an attack that takes advantage of a buffer overflow in QuickTime’s handler for “rtsp” URLs. Their example exploits are all Intel-specific, but it’s probably a potential problem for PowerPC systems, too. (It’s a problem with QuickTime, not Mac OS X, so it apparently works on Windows systems with QuickTime installed as well.)

The example exploits use the /usr/bin/say command to speak “Happy new year shit bag”, but if that works, it could just as easily do something destructive like deleting the contents of your home folder. If you want to play defense while waiting for Apple to fix the bug, you can disable ‘rtsp’ URLs using RCDefaultApp.

Tuesday, 2 January 2007