[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4F8701A4.20903@security-explorations.com>
Date: Thu, 12 Apr 2012 18:24:04 +0200
From: Security Explorations <contact@...urity-explorations.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [SE-2012-01] Security weakness in Apple Quicktime
Java extensions
Hello,
Security Explorations discovered a security vulnerability in Apple
Quicktime [1] software and its Java extensions in particular.
When combined with the Issue 15 reported to Oracle on Apr 2 2012 [2],
this new issue might be used to successfully bypass all JVM security
restrictions on a vulnerable system.
Security Explorations developed a Proof of Concept code that exploits
Issue 15 and the new Apple Quicktime flaw (Issue 22) to achieve a
complete JVM security sandbox bypass in a Windows OS environment. The
code targets 32-bit Java Plugin only (the default for 32-bit web
browsers) and Apple Quicktime 7.7.1. It has been successfully tested
with the following combination of Java SE, OS and web browsers:
- Windows XP SP3, Windows 7 HP 64-bit, Windows 7 Pro 32-bit,
- Mozilla Firefox 11.0, Internet Explorer 9.0, Opera 11.62,
- JRE / JDK 1.6 Update 31.
Issue 22 could not be exploited in a 64-bit JRE environment. This is
due to the fact that 32-bit web browsers do not seem to work with a
64-bit Java at all. For a 64-bit web browser such as Internet Explorer
and corresponding 64-bit JRE Plugin, no Quicktime Java extensions are
visible in a target JVM's system classloader namespace.
On Apr 12 2012, Security Explorations sent a security notice to Apple
informing the company about a discovered vulnerability. Along with the
notice, the company also received our Proof of Concept code.
More technical details regarding the discovered security vulnerability
in Apple Quicktime will be disclosed at the time of the publication of
the SE-2012-01 project (Security Vulnerabilities in Java SE).
Thank you.
Best Regards
Adam Gowdiak
---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------
References:
[1] Apple Quicktime
http://www.apple.com/quicktime/what-is/
[2] SE-2012-01, Vendors status
http://www.security-explorations.com/en/SE-2012-01-status.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists