Hello,

Security Explorations discovered a security vulnerability in Apple Quicktime [1] software and its Java extensions in particular. When combined with the Issue 15 reported to Oracle on Apr 2 2012 [2], this new issue might be used to successfully bypass all JVM security restrictions on a vulnerable system.

Security Explorations developed a Proof of Concept code that exploits Issue 15 and the new Apple Quicktime flaw (Issue 22) to achieve a complete JVM security sandbox bypass in a Windows OS environment. The code targets 32-bit Java Plugin only (the default for 32-bit web browsers) and Apple Quicktime 7.7.1. It has been successfully tested with the following combination of Java SE, OS and web browsers:
- Windows XP SP3, Windows 7 HP 64-bit, Windows 7 Pro 32-bit,
- Mozilla Firefox 11.0, Internet Explorer 9.0, Opera 11.62,
- JRE / JDK 1.6 Update 31.

Issue 22 could not be exploited in a 64-bit JRE environment. This is due to the fact that 32-bit web browsers do not seem to work with a 64-bit Java at all. For a 64-bit web browser such as Internet Explorer and corresponding 64-bit JRE Plugin, no Quicktime Java extensions are visible in a target JVM's system classloader namespace.

On Apr 12 2012, Security Explorations sent a security notice to Apple informing the company about a discovered vulnerability. Along with the notice, the company also received our Proof of Concept code.

More technical details regarding the discovered security vulnerability in Apple Quicktime will be disclosed at the time of the publication of the SE-2012-01 project (Security Vulnerabilities in Java SE).

Thank you.

Best Regards
Adam Gowdiak

---------------------------------------------
Security Explorations
http://www.security-explorations.com
"We bring security research to the new level"
---------------------------------------------

References:
[1] Apple Quicktime
    http://www.apple.com/quicktime/what-is/
[2] SE-2012-01, Vendors status
    http://www.security-explorations.com/en/SE-2012-01-status.html