Date: Thu, 12 Apr 2012 18:24:04 +0200
From: Security Explorations <contact@...urity-explorations.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [SE-2012-01] Security weakness in Apple Quicktime Java extensions


Hello,

Security Explorations discovered a security vulnerability in Apple
Quicktime [1] software and its Java extensions in particular.

When combined with the Issue 15 reported to Oracle on Apr 2 2012 [2],
this new issue might be used to successfully bypass all JVM security
restrictions on a vulnerable system.

Security Explorations developed a Proof of Concept code that exploits
Issue 15 and the new Apple Quicktime flaw (Issue 22) to achieve a
complete JVM security sandbox bypass in a Windows OS environment. The
code targets 32-bit Java Plugin only (the default for 32-bit web
browsers) and Apple Quicktime 7.7.1. It has been successfully tested
with the following combination of Java SE, OS and web browsers:
- Windows XP SP3, Windows 7 HP 64-bit, Windows 7 Pro 32-bit,
- Mozilla Firefox 11.0, Internet Explorer 9.0, Opera 11.62,
- JRE / JDK 1.6 Update 31.

Issue 22 could not be exploited in a 64-bit JRE environment. This is
due to the fact that 32-bit web browsers do not seem to work with a
64-bit Java at all. For a 64-bit web browser such as Internet Explorer
and corresponding 64-bit JRE Plugin, no Quicktime Java extensions are
visible in a target JVM's system classloader namespace.

On Apr 12 2012, Security Explorations sent a security notice to Apple
informing the company about a discovered vulnerability. Along with the
notice, the company also received our Proof of Concept code.

More technical details regarding the discovered security vulnerability
in Apple Quicktime will be disclosed at the time of the publication of
the SE-2012-01 project (Security Vulnerabilities in Java SE).

Thank you.

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Apple Quicktime
     http://www.apple.com/quicktime/what-is/
[2] SE-2012-01, Vendors status
     http://www.security-explorations.com/en/SE-2012-01-status.html
