Apple incompletely seals off QuickTime
"Trust, but verify" was the idea in the mind of security specialist David Maynor when he decided to test the "Exploit Prevention Mechanisms" (XPMs) implemented in the new QuickTime version 7.4.5. His findings are surprising. Address Space Layout Randomization (ASLR) remains disabled under Windows Vista for several QuickTime libraries and executables: Vista only randomizes an image that opts in via its PE header, and these modules do not. Attackers can therefore still predict where the code of those modules sits in memory and use it as a fixed target for return addresses and injected code, just as on older versions of Windows that have no ASLR at all.
Maynor says he is not trying to downplay Apple's efforts to increase security, but as he puts it, ASLR is an "all or nothing venture". As long as even one library has a static address, the application is vulnerable. Nonetheless, Maynor encourages other vendors such as Adobe to follow Apple's lead and make improvements to increase user security on Windows.
In his analysis, Maynor used Looking Glass, a tool he developed and makes available free of charge; it inspects applications and libraries to determine whether they support ASLR or NX (no-execute) and whether they are using insecure
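The per-module check that underlies the findings above is a header inspection: on Vista an image is only randomized if its PE optional header carries IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (set by the linker's /DYNAMICBASE switch) and the loader can still relocate it, and DEP/NX opt-in is the neighbouring IMAGE_DLLCHARACTERISTICS_NX_COMPAT bit. The following is an added example written for this article, not Looking Glass or any Apple code: it parses the DOS, COFF and optional headers of a PE file, reports the ASLR/NX flags, and lists the modules of a set that would load at a fixed address, which is the "all or nothing" situation Maynor describes. The `build_test_image` helper only fabricates header-only sample images so the example runs offline; a real check reads the bytes of an actual .dll or .exe instead.

```python
import struct

# Flag values from the PE/COFF specification.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # linker /DYNAMICBASE: image eligible for ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # linker /NXCOMPAT: image opts in to DEP/NX
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # no relocation data: loader cannot rebase the image
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def check_mitigations(image: bytes) -> dict:
    """Parse the PE headers of `image` and report its ASLR/NX opt-in state."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes).
    _machine, _nsections, _ts, _psym, _nsym, opt_size, file_chars = struct.unpack_from(
        "<HHIIIHH", image, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both the PE32 and the PE32+ optional header.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # Vista randomizes only an image that opts in AND can still be relocated.
        "aslr": dynamic_base and not relocs_stripped,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def modules_without_aslr(modules: dict) -> list:
    """Names of modules in {name: image_bytes} that would load at a fixed address."""
    return [name for name, data in modules.items() if not check_mitigations(data)["aslr"]]


def build_test_image(dll_chars: int, file_chars: int = 0, pe32plus: bool = False) -> bytes:
    """Construct a minimal header-only PE image (sample data for this example, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # exactly 0x40 bytes
    opt_size = 0xF0 if pe32plus else 0xE0  # standard sizes including the 16 data directories
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed sample set: hypothetical module names, not the real QuickTime file list.
    sample = {
        "randomized.dll": build_test_image(0x0140),                  # DYNAMIC_BASE | NX_COMPAT
        "nx_only.dll": build_test_image(0x0100),                     # NX but no ASLR opt-in
        "no_relocs.dll": build_test_image(0x0040, file_chars=0x0001),  # opts in but cannot be rebased
    }
    for name, data in sample.items():
        print(name, check_mitigations(data))
    print("fixed-address modules:", modules_without_aslr(sample))
```

To check a real installation, replace the sample dictionary with `{path: open(path, "rb").read() for path in ...}` over the QuickTime directory; a single name in the fixed-address list is enough to hand an attacker a predictable code base, which is the point of the "all or nothing" remark.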
- Update on Apple and QuickTime, David Maynor's blog entry