Symantec Security Response Weblog: Exploit for Apple QuickTime Vulnerability in the Wild

QuickTimeのRTSPの脆弱性を悪用する攻撃がHoneyPotに既に来ているそうです。

On November 25, we blogged about a proof of concept exploit code for Apple's QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability being disclosed to the public. Now a week has passed and Symantec's DeepSight honeynet has spotted at least one active exploitation in the wild.

Quicktime脆弱性対策で、以下を提案されていますが、Filterは必須かな。

we also recommend the following options:

  • Run web browsers at the highest security settings possible
  • Disable Apple QuickTime as a registered RTSP protocol handler.
  • Filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.

screenshot