Hot on HuffPost Tech:

See More Stories
Engadget for the iPhone: download the app now
AOL Tech

QuickTime backdoor allows takeover of Windows 7 machines, ancient line of code to blame

A decade-old backdoor in Apple's QuickTime media player allows someone to completely take over or run malicious code on a Windows 7 machine, according to The Register. The weird backdoor is an unused parameter called " _Marshaled_pUnk," which has been around since 2001, and was originally used to draw contents in the current QuickTime window without opening a new one. The function is gone now, but that line of code was never deleted.

I know there's probably an enormous codebase for QuickTime, but it's pretty crazy to think that Apple hasn't removed it in nearly 10 years of code reviews (there were code reviews, right, Apple?). The Register says that an attack module exploiting this vulnerability is on the way from security open-source community Metasploit. We'll see if Apple issues a fix for _Marshaled_pUnk, or if Apple and bunch of Windows users get punked first. Yikes!

Tags: apple, backdoor, quicktime, security, vulnerabilty, windows 7, Windows7

Comments

15