Yesterday I published a quick TidBITS article on the QuickTime RTSP vulnerability. It’s a true 0day, with exploit code in the wild and no patch available. At the time, the proof of concept code was only for Windows, but over at Milw0rm it’s been updated to include Macs. The original CERT advisory is here.
Windows users can follow the CERT advice to disable QT, but us Macheads don’t have it so easy. My recommendation right now is to watch where you browse, and use Little Snitch or another outbound firewall with application awareness (just blocking port 554 and the UDP ports isn’t enough).
I suspect we’ll have a patch soon.
This is a great example of why Apple should finish off the new security features of Leopard. I suspect that the combination of QuickTime sandboxing, full ASLR (Library Randomization), and adding outbound blocking to the Application Firewall could stop this exploit before it starts.
Anti-exploitation is the future. We’ll always have vulnerabilities, but we can sure make them harder to exploit.