April 17, 2014

New Versions of Popular Media Players QuickTime and RealPlayer Fix Multiple Security Vulnerabilities

(LiveHacking.Com) – Apple has released a new version of QuickTime to address multiple vulnerabilities that, if exploited, could allow an attacker to execute arbitrary code or cause a denial-of-service condition. In an unrelated release, RealNetworks has released a new version of RealPlayer. These releases underline that multimedia files (video, audio and images) are a valid attack vector for hackers.

QuickTime 7.7.2 for Windows fixes a number of serious security problems, most of which are triggered either by viewing a maliciously crafted website or by viewing a maliciously crafted multimedia file (MP4 file, MPEG file, PNG file, QTVR movie file or JPEG2000 encoded movie file), and which could lead to an unexpected application termination or arbitrary code execution.

The underlying flaws were:

  • Multiple stack overflows existed in QuickTime’s handling of TeXML files.
  • A heap overflow existed in QuickTime’s handling of text tracks.
  • A heap buffer overflow existed in the handling of H.264 encoded movie files.
  • An uninitialized memory access issue existed in the handling of MP4 encoded files.
  • An off-by-one buffer overflow existed in the handling of rdrf atoms in QuickTime movie files.
  • A buffer overflow existed in the handling of audio sample tables.
  • An integer overflow existed in the handling of MPEG files.
  • A stack buffer overflow existed in the QuickTime plugin’s handling of QTMovie objects.
  • A buffer overflow existed in the handling of PNG files.
  • A signedness issue existed in the handling of QTVR movie files.
  • A use-after-free issue existed in the handling of JPEG2000 encoded movie files.
  • A buffer overflow existed in the handling of RLE encoded movie files.
  • A buffer overflow existed in QuickTime’s handling of Sorenson encoded movie files.
  • An integer overflow existed in QuickTime’s handling of sean atoms.
  • A memory corruption issue existed in the handling of .pict files.
  • An integer underflow existed in QuickTime’s handling of audio streams in MPEG files.

Additionally, opening a file in a maliciously crafted path may lead to an unexpected application termination or arbitrary code execution, because a stack buffer overflow existed in QuickTime’s handling of file paths.

Some of these issues have been previously fixed on OS X in either OS X Lion v10.7.4 or Security Update 2012-001 for OS X 10.6 Snow Leopard.

RealPlayer

RealNetworks has released a new version of its RealPlayer media player application for Windows to address multiple security vulnerabilities, including an MP4 file handling memory corruption, a RealMedia ASMRuleBook parsing error that can allow remote code execution and a RealJukebox Media parser buffer overrun. RealNetworks says that it has no reports of any machines actually being compromised as a result of the now-remedied vulnerabilities.

 

Apple Releases Security Updates for OS X

(LiveHacking.Com) – Apple has released security updates for Apple OS X Lion 10.7 and Mac OS X Snow Leopard 10.6 to fix multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service condition, obtain sensitive information, and bypass security restrictions. The update is an amalgamation of recent security updates for several different components used by Apple (including Apache and PHP) along with fixes for Apple’s own code.

3rd Party

This release brings some of OS X’s third party components up to date including:

Apache: There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. Apache disabled the ‘empty fragment’ countermeasure which prevented these attacks. This issue is addressed by providing a configuration parameter to control the countermeasure and enabling it by default.

PHP is updated to version 5.3.8 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. However, it is worth noting that PHP 5.3.10 has since been released to fix the hash table collisions problem that affected all the popular Web programming languages (including PHP, ASP.NET, Ruby and Python).

SquirrelMail is updated to version 1.4.22 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. This issue does not affect OS X Lion systems.

Tomcat is updated to version 6.0.33 to address multiple vulnerabilities, the most serious of which may lead to the disclosure of sensitive information. Tomcat is only provided on Mac OS X Server systems.

X11: A memory corruption issue existed in FreeType’s handling of Type 1 fonts. This issue is addressed by updating FreeType to version 2.4.7.

The update also revokes the trust for root certificates issued by DigiCert Malaysia. Two certificate authorities in the list of trusted root certificates have independently issued intermediate certificates to DigiCert Malaysia. Back in November it was discovered that DigiCert Malaysia had issued certificates with weak keys that it was unable to revoke.

Apple

Apple components that are updated include:

Address Book supports Secure Sockets Layer (SSL) for accessing CardDAV. A downgrade issue caused Address Book to attempt an unencrypted connection if an encrypted connection failed. An attacker in a privileged network position could abuse this behavior to intercept CardDAV data. This issue is addressed by not downgrading to an unencrypted connection without user approval.

CoreAudio: Playing maliciously crafted audio content may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of AAC encoded audio streams.

CoreMedia: A heap buffer overflow existed in CoreMedia’s handling of H.264 encoded movie files.

QuickTime has been updated to resolve several issues including:

  • Opening a maliciously crafted MP4 encoded file may lead to an unexpected application termination or arbitrary code execution. An uninitialized memory access issue existed in the handling of MP4 encoded files.
  • Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
  • Viewing a maliciously crafted JPEG2000 image file may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of JPEG2000 files.
  • Processing a maliciously crafted PNG image may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of PNG files.

Time Machine: The user may designate a remote AFP volume or Time Capsule to be used for Time Machine backups. Time Machine did not verify that the same device was being used for subsequent backup operations. An attacker who is able to spoof the remote volume could gain access to new backups created by the user’s system. This issue is addressed by verifying the unique identifier associated with a disk for backup operations.

Apple Releases QuickTime 7.7.1 for Windows to Fix Vulnerabilities

(LiveHacking.Com) - Apple has released QuickTime 7.7.1 for Windows to fix multiple vulnerabilities that if exploited could allow an attacker to execute arbitrary code, cause a denial-of-service condition, or obtain sensitive information.

According to the security advisory, QuickTime 7.7.1 for Windows 7, Vista and XP fixes several issues which have either been fixed in OS X (with OS X Lion v10.7.2 or with Security Update 2011-006 for OS X v10.6 systems) or don’t affect Mac OS X systems.

The problems fixed are:

  • A buffer overflow existed in QuickTime’s handling of H.264 encoded movie files.
  • An uninitialized memory access issue existed in QuickTime’s handling of URL data handlers within movie files.
  • An implementation issue existed in QuickTime’s handling of the atom hierarchy within a movie file.
  • A cross-site scripting issue existed in QuickTime Player’s “Save for Web” export. The template HTML files generated by this feature referenced a script file from a non-encrypted origin. An attacker in a privileged network position may be able to inject malicious scripts in the local domain if the user views a template file locally. This issue is addressed by removing the reference to an online script.
  • A buffer overflow existed in QuickTime’s handling of FlashPix files.
  • A buffer overflow existed in QuickTime’s handling of FLIC files.
  • Multiple memory corruption issues existed in QuickTime’s handling of movie files.
  • An integer overflow issue existed in the handling of PICT files.
  • A signedness issue existed in the handling of font tables embedded in QuickTime movie files.
  • A buffer overflow issue existed in the handling of FLC encoded movie files.
  • An integer overflow issue existed in the handling of JPEG2000 encoded movie files.
  • A memory corruption issue existed in the handling of TKHD atoms in QuickTime movie files.
To exploit most of these vulnerabilities an attacker would need to create a specially crafted movie file and get the victim to watch it on their PC.

Apple Releases QuickTime 7.7 to Address Multiple Vulnerabilities

(LiveHacking.Com) – Apple has released QuickTime 7.7 for Mac OS X v10.5.8, Windows 7, Vista and XP SP2 or later. QuickTime 7.7 closes several holes that could allow maliciously crafted images, audio files and movies to crash the program or execute unauthorized code.

According to Apple’s knowledge base article, the problems resolved are:

  • A buffer overflow existed in QuickTime’s handling of pict files. Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • Multiple memory corruption issues existed in QuickTime’s handling of JPEG2000 images. Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • A cross-origin issue existed in QuickTime plug-in’s handling of cross-site redirects. Visiting a maliciously crafted website may lead to the disclosure of video data from another site. This issue is addressed by preventing QuickTime from following cross-site redirects. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.7. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of RIFF WAV files. Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A memory corruption issue existed in QuickTime’s handling of sample tables in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • An integer overflow existed in QuickTime’s handling of audio channels in movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A buffer overflow existed in QuickTime’s handling of JPEG files. Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in QuickTime’s handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • Multiple stack buffer overflows existed in the handling of H.264 encoded movie files. Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution. These issues do not affect Mac OS X systems.
  • A stack buffer overflow existed in the QuickTime ActiveX control’s handling of QTL files. Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution. This issue does not affect Mac OS X systems.
  • A heap buffer overflow existed in the handling of STSC atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STSZ atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
  • A heap buffer overflow existed in the handling of STTS atoms in QuickTime movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue does not affect OS X Lion systems.
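The advisories above name atom-hierarchy and sample-table (STSZ and similar) flaws without describing them. As an added illustration, not Apple's code or its fix, the C sketch below shows the defensive checks a movie-file parser needs for that bug class: every child atom must fit inside its parent, and a table's entry count must fit the bytes actually present. It assumes the standard atom layout (32-bit big-endian size, four-character type); the function names and sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t be32(const uint8_t *p) {  /* big-endian 32-bit read */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* stsz payload: version/flags, sample_size, entry_count, then entry_count 4-byte sizes. */
static int check_stsz(const uint8_t *p, size_t len) {
    if (len < 12) return -1;
    if (be32(p + 4) != 0) return 0;              /* fixed sample size, no table */
    /* Compare by division: entry_count * 4 could wrap in 32-bit arithmetic. */
    return be32(p + 8) <= (len - 12) / 4 ? 0 : -1;
}

/* Returns 0 when every atom in buf[0..len) stays inside its parent, -1 otherwise. */
int validate_atoms(const uint8_t *buf, size_t len, int depth) {
    if (depth > 16) return -1;                   /* bound recursion depth */
    for (size_t off = 0; off < len; ) {
        if (len - off < 8) return -1;            /* truncated header */
        uint32_t size = be32(buf + off);
        /* size 0 (to end of file) and 1 (64-bit size) are refused in this sketch */
        if (size < 8 || size > len - off) return -1;
        const uint8_t *type = buf + off + 4, *body = buf + off + 8;
        int rc = 0;
        if (!memcmp(type, "stbl", 4) || !memcmp(type, "moov", 4) || !memcmp(type, "trak", 4) ||
            !memcmp(type, "mdia", 4) || !memcmp(type, "minf", 4))
            rc = validate_atoms(body, size - 8, depth + 1);   /* container: walk children */
        else if (!memcmp(type, "stsz", 4))
            rc = check_stsz(body, size - 8);
        if (rc != 0) return -1;
        off += size;
    }
    return 0;
}

/* Constructed samples: an stbl atom holding one stsz atom with two table entries. */
#define SAMPLE(child_size, count_hi) { 0,0,0,0x24,'s','t','b','l', 0,0,0,(child_size),'s','t','s','z', \
    0,0,0,0, 0,0,0,0, (count_hi),0,0,2, 0,0,0,0x10, 0,0,0,0x20 }
static const uint8_t GOOD[] = SAMPLE(0x1C, 0);         /* consistent sizes */
static const uint8_t BAD_COUNT[] = SAMPLE(0x1C, 0x40); /* count 0x40000002, times 4 wraps to 8 */
static const uint8_t BAD_SIZE[] = SAMPLE(0x40, 0);     /* child larger than parent */

int main(void) {
    printf("good=%d bad_count=%d bad_size=%d\n", validate_atoms(GOOD, sizeof GOOD, 0),
           validate_atoms(BAD_COUNT, sizeof BAD_COUNT, 0), validate_atoms(BAD_SIZE, sizeof BAD_SIZE, 0));
    return 0;
}
```

The `BAD_COUNT` sample is the instructive one: a 32-bit `entry_count * 4` wraps to exactly the 8 bytes present, so a multiply-then-compare check would accept it.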

Apple QuickTime backdoor creates code-execution peril

A security researcher has unearthed a “bizarre” flaw in Apple’s QuickTime Player that can be exploited to remotely execute malicious code on Windows-based PCs, even those running the most recent versions of the operating system.

Source: [TheRegister]