
 

INTEGO SECURITY MEMO - JANUARY 2, 2007
Apple QuickTime RTSP URL Handling Buffer Overflow Vulnerability

 

Exploit: Apple QuickTime RTSP URL Handling Buffer Overflow Vulnerability

Discovered: January 1, 2007

Risk: Highly critical

Description: This proof-of-concept exploit, which has not yet been seen in the wild, takes advantage of a vulnerability in the way QuickTime handles rtsp:// URLs. RTSP is used for streaming QuickTime video and audio content.

Delivered through HTML, JavaScript or a QTL file, the exploit overflows a stack-based buffer and allows remote arbitrary code execution, which can have serious consequences for computers running Mac OS X.

Means of protection: Intego NetBarrier X and NetBarrier X4 can protect against this exploit. Users must create firewall rules to block ports 554 UDP and 7070 TCP to ensure that this exploit cannot endanger their Macs. (See the NetBarrier manual for information on creating firewall rules.) However, if users wish to use QuickTime streaming from servers they trust, they can add these servers to NetBarrier's Trusted Group to allow streaming content from those servers.



About Intego
Intego develops and sells desktop Internet security and privacy software for Macintosh.

Intego provides the widest range of software to protect users and their Macs from the dangers of the Internet. Intego's multilingual software and support repeatedly receive awards from Mac magazines, and protect more than one million users in over 60 countries. Intego has headquarters in the USA, France and Japan.

As the dangers of the Internet grow, Intego is hard at work, developing new software to protect users and their Macs from the latest security and privacy threats.

We protect your world.

 

 

