Hackers have started to exploit a vulnerability whole in Apples software Quicktime. This whole is still not fixed since Apple has not yet released a patch.

So far are only Windows-users targetted, but Mac-users are not safe either. The vulnerability whole was discovered 23 November and was achieved because Quicktime doesnt validate incoming data securely. This time it’s connected with the rtsp protocol which is used for streaming video.

The hackers can with this method make a takeover of the targetted computer. Failed attacks will cause DOS (denial of service) conditions.

The hack itself is a buffer-overflow that targets the Header Content-length.

For more information of how to secure it, take a look at symantec.

The code for the hack itself can be found at milw0rm.