A security researcher has unearthed a “bizarre” flaw in Apple’s QuickTime Player that can be exploited to remotely execute malicious code on Windows-based PCs, even those running the most recent versions of the operating system, says “The Register” (http://macosg.me/2/t4).
Technically, the inclusion of an unused parameter known as “_Marshaled_pUnk” is a backdoor because it is the work of an Apple developer who added it to the QuickTime code base and then, most likely, forgot to remove it when it was no longer needed, the article adds. So it apparently remained undetected for at least nine years until Ruben Santamarta of Spain-based security firm Wintercore discovered it and realized it could be exploited to take full control of machines running Windows 7, Microsoft’s most secure operating system to date.
“The bug is pretty bizarre,” H D Moore, CSO of Rapid7 and chief architect of the Metasploit project, told “The Register.” “It’s not a standard vulnerability in the sense that a feature was implemented poorly. It was more kind of a leftover development piece that was left in production. It’s probably an oversight.”