While we wouldn't release exploit code under normal circumstances, we are pretty much emerging and wanted to show an example of our work. Since this vulnerability was already public, and the Apple security people are most probably working on an imminent update to Quicktime, potential attackers have a limited time-span to abuse it.
Hopefully Apple will speed up on this one and release an update to fix the vulnerability. We enjoy the versatility of Mac OS X on daily basis, and want it to be as more secure as possible.
Thanks to Kevin Finisterre for the testing environment and proofing of the exploit on PowerPC. Thanks to HD Moore for suggestions and the Metasploit project.
The exploit code is available at: static.subreption.com/public/exploits/qtimertsp_redux.rb
Some improvements that might be released:
- Better PowerPC target information.
- Reliable Microsoft Windows Vista target.
- Reliabe Leopard target for x86.
Some screenshots might illustrate the functionality included in the exploit a bit better:
Mac OS X Targets...
Microsoft Windows Targets...
Finally it worked, thanks to the target information from MC in his Metasploit module.
Leave a comment