Symantec Security Response Weblog: Exploit for Apple QuickTime Vulnerability in the Wild


On November 25, we blogged about a proof of concept exploit code for Apple's QuickTime RTSP Response Header Remote Stack Based Buffer Overflow Vulnerability being disclosed to the public. Now a week has passed and Symantec's DeepSight honeynet has spotted at least one active exploitation in the wild.


we also recommend the following options:

  • Run web browsers at the highest security settings possible
  • Disable Apple QuickTime as a registered RTSP protocol handler.
  • Filter outgoing activity over common RTSP ports, including TCP port 554 and UDP ports 6970-6999.