Tuesday, April 8, 2008

Apple Adds Anti-Hacker Features to QuickTime

Apple has added key exploit prevention mechanisms to QuickTime aimed at thwarting hacker attacks.

According to an article posted by eWeek Apple has added XPMs (exploit prevention mechanisms) into the WIndows and Mac OS X versions of QuickTime 7.4.5. The new update also patches 11 high-risk security vulnerabilities.

According to a source familiar with Apple's moves, QuickTime for Windows Vista now features ASLR (address space layout randomization), a security technology that randomly arranges the positions of key data areas to prevent malware authors from predicting target addresses.

In addition to ASLR, QuickTime also gets Stack buffer safety checking and Function call hardening.

"That's a pretty big change for a point release," said Dino Dai Zovi, a hacker who has written multiple exploits for QuickTime. "They [Apple] have way more guts than many other software companies to do something like that. Either that, or they are afraid of the backlash if malware starts targeting QuickTime and iTunes in a more serious way.”

No comments: