Zero-day vulnerabilities discovered: 2
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling an overly long Content-Type header in an RTSP (Real Time Streaming Protocol) response. Because the header is part of the server's response, the attacker controls it by controlling the RTSP server: a remote attacker can create a specially crafted web page that causes the victim's QuickTime to request a stream from an attacker-controlled server, trick the victim into opening the page, cause a buffer overflow and execute arbitrary code on the vulnerable system.
Successful exploitation of the vulnerability results in complete compromise of the vulnerable system.
Software: Apple QuickTime
Known/famous malware:
Trojan.Quimkit
Links:
https://www.symantec.com/connect/blogs/zero-day-exploit-apple-quicktime-vulnerability
https://ch-fr.norton.com/security_response/writeup.jsp?docid=2007-112605-2410-99
https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
https://www.virusbulletin.com/virusbulletin/2010/11/exploit-identification/
http://www.kb.cert.org/vuls/id/659761
https://www.symantec.com/connect/blogs/apple-quicktime-exploit-twist
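The boundary error described above is the classic "attacker-supplied length, fixed-size buffer, no comparison" pattern. The following is an added example written for this page, not QuickTime's code or anything taken from the linked reports: a minimal RTSP response header parser in which the Content-Type value is copied into a fixed 64-byte buffer, shown first as the vulnerable pattern and then in a hardened form that rejects over-long values before the copy. The buffer size CT_MAX, the function names and the sample responses are all assumptions made for the illustration.

```c
/* Constructed example: RTSP Content-Type header handling, vulnerable and
 * hardened. Not QuickTime's code; CT_MAX and all names are assumptions. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

#define CT_MAX 64      /* assumed size of the fixed Content-Type buffer */

/* Find header `name` (case-insensitive) in a CRLF-delimited RTSP response.
 * Returns a pointer to the value with leading blanks skipped and stores the
 * value length in *len; returns NULL if the header is absent. */
static const char *find_header(const char *resp, const char *name, size_t *len)
{
    size_t nlen = strlen(name);
    const char *line = resp;
    while (*line) {
        if (strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            while (*v == ' ' || *v == '\t') v++;
            const char *end = strstr(v, "\r\n");
            *len = end ? (size_t)(end - v) : strlen(v);
            return v;
        }
        const char *nl = strstr(line, "\r\n");
        if (!nl) break;
        line = nl + 2;
    }
    return NULL;
}

/* VULNERABLE pattern: `len` is chosen by the remote server, `buf` is fixed,
 * and nothing compares the two before the copy. A Content-Type value of
 * CT_MAX or more bytes writes past the end of the stack buffer. Shown only
 * to make the boundary error concrete; never feed it untrusted input. */
int parse_content_type_vuln(const char *resp, char *out, size_t outsz)
{
    char buf[CT_MAX];
    size_t len;
    const char *v = find_header(resp, "Content-Type", &len);
    if (!v) return -1;
    memcpy(buf, v, len);        /* no bound check: overflow when len >= CT_MAX */
    buf[len] = '\0';
    snprintf(out, outsz, "%s", buf);
    return 0;
}

/* HARDENED version: a value that does not fit is rejected outright (not
 * silently truncated), so an over-long header never reaches the copy. */
int parse_content_type_safe(const char *resp, char *out, size_t outsz)
{
    char buf[CT_MAX];
    size_t len;
    const char *v = find_header(resp, "Content-Type", &len);
    if (!v) return -1;
    if (len >= sizeof buf) return -2;   /* too long for the fixed buffer */
    memcpy(buf, v, len);
    buf[len] = '\0';
    snprintf(out, outsz, "%s", buf);
    return 0;
}

/* Build a constructed RTSP response whose Content-Type value is `ct_len`
 * bytes of 'A', standing in for an attacker-controlled server's reply.
 * The caller frees the result. */
char *make_response(size_t ct_len)
{
    const char *head = "RTSP/1.0 200 OK\r\nCSeq: 1\r\nContent-Type: ";
    const char *tail = "\r\nContent-Length: 0\r\n\r\n";
    char *r = malloc(strlen(head) + ct_len + strlen(tail) + 1);
    if (!r) return NULL;
    strcpy(r, head);
    memset(r + strlen(head), 'A', ct_len);
    strcpy(r + strlen(head) + ct_len, tail);
    return r;
}

int main(void)
{
    char out[CT_MAX];
    const char *benign = "RTSP/1.0 200 OK\r\nCSeq: 1\r\n"
                         "Content-Type: application/sdp\r\n\r\n";
    printf("benign: rc=%d value=%s\n",
           parse_content_type_safe(benign, out, sizeof out), out);
    char *evil = make_response(2000);
    printf("2000-byte Content-Type: rc=%d (rejected before the copy)\n",
           parse_content_type_safe(evil, out, sizeof out));
    free(evil);
    return 0;
}
```

The only difference between the two parsers is the single `len >= sizeof buf` check; the vulnerable version is kept on purpose so the two can be diffed, and the hardened one is what the demo runs against the 2000-byte header.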
Improper file permissions handling
The vulnerability allows a local user to escalate privileges on the vulnerable system.
The vulnerability exists in the diskutil tool (DiskManagement framework) when handling BOM (Bill of Materials) files. A local user can create a specially crafted BOM file, run diskutil with it, and replace the permissions of arbitrary files on the vulnerable system.
Successful exploitation of this vulnerability allows a local unprivileged user to elevate their privileges and gain root access to the vulnerable system.
Note: the vulnerability is being actively exploited.
Software: macOS
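The observable effect of the diskutil issue above is that the owner, group or mode of files a normal user should not be able to touch changes underneath the administrator. The following is an added example written for this page, not Apple's code and not taken from any advisory: it snapshots owner, group and permission bits for a list of paths and reports any drift between two snapshots, which is the check an incident responder would run on sensitive paths (sudoers, setuid binaries, launch daemons) after such a bug is suspected. The path list, record layout and function names are assumptions; the demo uses a scratch file so it runs anywhere.

```c
/* Constructed example: detect permission drift on a fixed list of paths.
 * Not from the advisory or from Apple; names and layout are assumptions. */
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Permission-relevant bits: rwx for user/group/other plus setuid, setgid, sticky. */
#define PERM_BITS (S_IRWXU | S_IRWXG | S_IRWXO | S_ISUID | S_ISGID | S_ISVTX)

struct perm_rec {
    mode_t mode;   /* st_mode & PERM_BITS */
    uid_t  uid;
    gid_t  gid;
    int    exists; /* 0 if lstat failed (missing or unreadable path) */
};

/* Fill recs[i] for each of n paths. lstat is used so that a symlink swapped
 * in for a regular file shows up as a change instead of being followed. */
void perm_snapshot(const char *const *paths, size_t n, struct perm_rec *recs)
{
    for (size_t i = 0; i < n; i++) {
        struct stat st;
        memset(&recs[i], 0, sizeof recs[i]);
        if (lstat(paths[i], &st) != 0)
            continue;
        recs[i].exists = 1;
        recs[i].mode = st.st_mode & PERM_BITS;
        recs[i].uid = st.st_uid;
        recs[i].gid = st.st_gid;
    }
}

/* Compare two snapshots of the same path list, print each difference and
 * return how many paths changed in existence, owner, group or mode. */
int perm_diff(const char *const *paths, size_t n,
              const struct perm_rec *base, const struct perm_rec *cur)
{
    int changed = 0;
    for (size_t i = 0; i < n; i++) {
        if (base[i].exists != cur[i].exists) {
            printf("%s: %s\n", paths[i], cur[i].exists ? "appeared" : "removed");
            changed++;
        } else if (base[i].exists &&
                   (base[i].mode != cur[i].mode || base[i].uid != cur[i].uid ||
                    base[i].gid != cur[i].gid)) {
            printf("%s: %04o %u:%u -> %04o %u:%u\n", paths[i],
                   (unsigned)base[i].mode, (unsigned)base[i].uid, (unsigned)base[i].gid,
                   (unsigned)cur[i].mode, (unsigned)cur[i].uid, (unsigned)cur[i].gid);
            changed++;
        }
    }
    return changed;
}

int main(void)
{
    /* On a real host the list would hold e.g. /etc/sudoers and setuid
     * binaries; a scratch file stands in here so the demo runs anywhere. */
    char dir[] = "/tmp/permauditXXXXXX";
    if (!mkdtemp(dir)) return 1;
    char f[256];
    snprintf(f, sizeof f, "%s/secret", dir);
    FILE *fp = fopen(f, "w");
    if (!fp) return 1;
    fputs("x\n", fp);
    fclose(fp);
    chmod(f, 0600);
    const char *paths[] = { f };
    struct perm_rec before[1], after[1];
    perm_snapshot(paths, 1, before);
    chmod(f, 0666);   /* simulate an unwanted permission rewrite */
    perm_snapshot(paths, 1, after);
    printf("changed: %d\n", perm_diff(paths, 1, before, after));
    unlink(f);
    rmdir(dir);
    return 0;
}
```

Only the permission bits, owner and group are compared, so ordinary content edits do not trigger a report; a path that disappears or newly appears is reported as well, since replacing a file is another way to end up with the wrong permissions on it.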