In association with heise online

10 April 2008, 12:48

Apple incompletely seals off QuickTime

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

"Trust, but verify", was the idea in the mind of security specialist David Maynor when he decided to test the "Exploit Prevention Mechanisms" (XPMs) implemented in the new QuickTime version 7.4.5. His findings are surprising. Address Space Layout Randomization (ASLR) remains disabled under Windows Vista for several QuickTime libraries and applications. Attackers can still predict the static addresses of these and target them with injected code, as in older versions of Windows.

Looking Glass
Zoom The wsprintfA function has long been considered unsafe. QuickTime nonetheless uses it frequently.

Maynor says he is not trying to downplay Apple's efforts to increase security, but as he puts it, ASLR is an "all or nothing venture". As long as even one library has a static address, the application is vulnerable. Nonetheless, Maynor encourages other vendors such as Adobe to follow Apple's lead and make improvements to increase user security on Windows.

In his analysis, Maynor used Looking Glass, a tool he has developed and made available free of charge that studies applications and libraries to see whether they support ASLR or NX (no execution) and whether they are using unsecure libc functions.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit