SonicWall, a network infrastructure company, has distributed defensive measures to the users of its unified threat management technology against exploits of a zero-day vulnerability found within Apple’s QuickTime media player.
SonicWall has issued signatures designed to protect its subscribers against this critical vulnerability. A zero-day stack-based buffer overflow vulnerability in QuickTime is currently being exploited by a malicious web site claiming to host a legitimate QuickTime movie. Using a newly published proof-of-concept exploit code, control of the visitor’s machine can be taken over.
Both Windows and Mac OS users are vulnerable to this exploit since Apple’s QuickTime media player can be used on both PCs and Macintoshes. Apple iTunes installations are also affected by this vulnerability because QuickTime is a component of iTunes.
SonicWALL stated that it has developed unique technologies to deliver gateway anti-virus, anti-spyware and intrusion prevention signatures to its subscribers on a continual basis, allowing them to protect against exploits of zero-day vulnerabilities as well as attacks and threats such as phishing, viruses, DHA or DoS attacks and more.