December 4, 2022
SonicWALL Protects Against QuickTime Zero-Day

SonicWALL Protects Against QuickTime Zero-Day

Posted November 29, 2007 at 11:08pm by iClarified · 3577 views
SonicWALL, Inc. a leading secure network infrastructure company, announced today that it has distributed defensive measures to users of its Unified Threat Management (UTM) technology against exploits of a zero-day vulnerability found within Apple's QuickTime media player. SonicWALL first issued signatures designed to protect its subscribers against this critical vulnerability on Tuesday, November 27.

A zero-day stack-based buffer overflow vulnerability in QuickTime, an audio/video application developed by Apple Computer, is currently being exploited by a malicious web site claiming to host a legitimate QuickTime movie. Using a newly published proof-of-concept exploit code, control of the visitor's machine can be taken over.

The problem lies within the 'Content-Type' header field sent by the server, which is not properly checked by the visitor's QuickTime application. When the length of the 'Content-Type' field exceeds a certain length, a Buffer Overflow condition occurs. By carefully constructing the string sent to the application, the malicious server can obtain user privileges on the visitor's machine.

Both Windows and Mac OS users are vulnerable to this exploit since Apple's QuickTime media player can be used on both PCs and Macintoshes. Apple iTunes installations are also affected by this vulnerability because QuickTime is a component of iTunes.


SonicWALL Protects Against QuickTime Zero-Day
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments
You must login or register to add a comment...
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
How to Create a Bootable macOS Ventura USB Installer [Video]
How to Fix 'No Matching Host Key Type Found' on Mac
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS