Thursday, August 13, 2015

Talos Identifies Multiple Memory Corruption Issues in Quicktime

Update 2015-08-21: This post has been updated to reflect an additional advisory released on August 20.

Talos, in conjunction with Apple’s security advisories issued on August 13 and August 20, has released six advisories for vulnerabilities that Talos found in Apple Quicktime. In accordance with our Vendor Vulnerability Reporting and Disclosure policy, these vulnerabilities have been reported to Apple and CERT.  This post serves as a summary for the advisories being released in coordination with Apple and CERT.

Ryan Pentney and Richard Johnson of Talos are credited with the discovery of these vulnerabilities.

Advisory Summary

Several memory corruption vulnerabilities exist in Apple Quicktime and can manifest themselves due to improper handling of objects in memory. An adversary who crafts a specifically formatted .MOV file can cause Quicktime to terminate unexpectedly, creating a local denial of service condition.

The following vulnerabilities, addressed on August 13, affect Quicktime for OS X and Windows and have been assigned the following CVEs:

  • CVE-2015-3788 - Apple Quicktime Invalid URL Atom Size Denial of Service Vulnerability
  • CVE-2015-3789 - Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability
  • CVE-2015-3790 - Apple Quicktime Invalid mvhd Atom Size Denial of Service Vulnerability
  • CVE-2015-3791 - Apple Quicktime esds Atom Descriptor Type Length Mismatch Denial of Service Vulnerability
  • CVE-2015-3792 - Apple Quicktime mdat Corruption Denial of Service Vulnerability

The following vulnerability, addressed on August 20, only affects Quicktime for Windows and has been assigned the following CVE:

  • CVE-2015-5786 - Apple Quicktime tkhd Atom Matrix Corruption Denial of Service Vulnerability

Apple has released a software update to address these defects in Quicktime and Talos has released coverage for these vulnerabilities. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Defense Center, FireSIGHT Management Center or Snort.org.

Known Affected Versions

  • Apple Quicktime 7.7.5 - Windows 7 32-bit
  • Apple Quicktime 7.7.6 - Windows 7 32-bit
  • Apple Quicktime 7.7.7 - Windows 7 32-bit

Finding and disclosing zero-day vulnerabilities responsibly helps improve the overall security of the devices and software people use on a day-to-day basis.  Talos is committed to this effort via developing programmatic ways to identify problems or flaws that could be otherwise exploited by malicious attackers. These developments help secure the platforms and software customers use and also help provide insight into how Cisco can improve its own processes to develop better products.

For further zero day or vulnerability reports and information visit http://talosintel.com/vulnerability-reports/

1 comment:

Post a Comment