Suspected PayPal Hackers Seek Deal To Stay Out Of Prison
Scripps Employees Called 'Hackers' For Exposing Massive Security Flaw
QuickTime backdoor allows takeover of Windows 7 machines, ancient line of code to blame
A decade-old backdoor in Apple's QuickTime media player allows someone to completely take over or run malicious code on a Windows 7 machine, according to The Register. The weird backdoor is an unused parameter called "
_Marshaled_pUnk," which has been around since 2001, and was originally used to draw contents in the current QuickTime window without opening a new one. The function is gone now, but that line of code was never deleted.I know there's probably an enormous codebase for QuickTime, but it's pretty crazy to think that Apple hasn't removed it in nearly 10 years of code reviews (there were code reviews, right, Apple?). The Register says that an attack module exploiting this vulnerability is on the way from security open-source community Metasploit. We'll see if Apple issues a fix for _Marshaled_pUnk, or if Apple and bunch of Windows users get punked first. Yikes!
Comments
15
Subscribe to commentsrottingsheepAug 30th 2010 5:58PM
Apple. It just works.
JeffAug 30th 2010 6:08PM
People still install quicktime?
LloydChiroAug 30th 2010 6:22PM
We try not to. I'd like to not use iTunes too, if i could.
WilliamAug 30th 2010 6:52PM
If the backdoor can run on Windows 7, then it's possible it will also run on Vista! Because they both use the NTFS file system.
Sounds best to not bother with quicktime until it's sorted!!
Will.
rcarmAug 30th 2010 11:24PM
"The attack has been confirmed on the XP, Vista, and 7 versions of Windows, Santamarta said."
But I'm 100% sure that it has nothing to do with NTFS.
jsmorleyAug 30th 2010 7:02PM
Who in their right mind allows Quicktime on their system?
DanAug 30th 2010 7:58PM
Anyone who has iTunes installed on their computer... millions of people.
blitzkriegAug 30th 2010 9:26PM
Then that obviously means millions of people are not thinking correctly.
ericloeweAug 31st 2010 6:32AM
Mostly people who have 3 toolbars for each bloatware they've installed over the years, on IE6.
ScottAug 31st 2010 3:50PM
Until I find a decent replacement that allows me to sync my iPod I'm stuck with iTunes and Quicktime.
hazardAug 30th 2010 7:49PM
Peoples at DLS
On this page, why has Firefox asked me to open sphereomni_api.php for surphace.com?
scaramanga89Sep 14th 2010 9:55AM
Did you get any response on what to do with this? I get the same, but only on Engadget.
DafretyAug 30th 2010 10:14PM
Oh dear lord. This is just one of the many reasons I can't stand Apple. Not only do they just do the minimum amount of coding and optimizing as possible on all their Windows based software, they don't even disable outmoded parts when they're done with it, leading to things like this.
DeoWulfAug 30th 2010 10:48PM
Just don't install Apple software on your Windows machine. It will thank you.
AlanAug 31st 2010 12:49AM
What DeoWulf said!