Quicktime Update Goodness

I never thought I’d be happy to see a Quicktime update. A few more of them and I was planning to create an uninstall package for Quicktime, roll it to the enterprise and remove it from the Ghost load.
It seems that in addition to the eleven fixes in Quicktime 7.4.5, Apple has added some hardening to make further attacks more difficult.
In February, David Maynor called for Apple to build Quicktime to take advantage of address space layout randomization, or “ASLR”:

“ASLR prevents hacker code from running because the code is unable to find stuff in memory. Quicktime disabled this feature, so its layout is not randomized. Exploits for Quicktime vulnerabilities work because they know precisely where important bits are located. If Quicktime enabled ASLR, then most exploits for its vulnerabilities would not work.”

According to Ryan Naraine at eWeek, Quicktime for Vista now supports ASLR.
“In addition to ASLR, QuickTime for Windows will also do stack buffer safety checking (Visual Studio 2005’s /GS option) and support for hardware NX on Windows Vista.”
This is really good news if you are running Vista. Mac users get the eleven fixes too, but the hardening described above is specific to the Windows build. If you’re still running XP you get part of it: the /GS stack cookies are compiled into the binaries and work on any Windows version, and DEP/NX has been available since XP SP2 on hardware that supports it, so that protection should carry over even though the article only mentions Vista. ASLR, on the other hand, was introduced in Vista; on XP the loader never randomizes, so the new ASLR flag buys nothing there. I would suggest to you that there is more to Vista than having problems because your crappy peripherals are unsupported. There are security benefits to upgrading, particularly when the application supplier chooses to use them. Adobe, you’re at bat! How will you step up to improve Flash security?
update 4/9/08 David Maynor has written an update where he points out a couple of flaws in Apple’s implementation. “Although most of the files are now marked as ASLR enabled there are still a few binaries that are not and could still provide an attacker a static location to utilize.” As he said, it’s still a big step forward. Informative post, I’d suggest checking it out.
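If you want to find the binaries Maynor is talking about on your own install, the place to look is the PE header: the linker records /DYNAMICBASE and /NXCOMPAT as bits in the optional header’s DllCharacteristics field. The script below is an added example written for this post, not a tool from Apple, Maynor or eWeek. It parses the headers with nothing but the standard library, and its sample inputs are constructed header stubs, not real Quicktime files. It also checks a caveat the ASLR flag alone hides: an image whose relocations were stripped cannot be rebased by the loader, so DYNAMIC_BASE on such a file still leaves it at a fixed address.

```python
import struct
import sys

# PE header flags (Microsoft PE/COFF specification)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # opt in to ASLR (Vista and later)
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # opt in to DEP/NX
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def mitigation_flags(data: bytes) -> dict:
    """Report the ASLR/NX opt-in bits from the headers of a PE image.

    'effective_aslr' is True only when DYNAMIC_BASE is set AND relocations
    were not stripped: the loader cannot rebase an image that carries no
    relocation data, so such a file still loads at its preferred base.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsections, _stamp, _symptr, _nsyms, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF file header
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 of the optional header for both
    # PE32 and PE32+: the 64-bit ImageBase widens a field before it, but
    # BaseOfData disappears, so the offset is unchanged.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "magic": magic,
        "dynamic_base": dynamic_base,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": relocs_stripped,
        "effective_aslr": dynamic_base and not relocs_stripped,
    }


def build_pe(dll_characteristics: int, coff_characteristics: int = 0,
             pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (headers only, no sections) used as
    sample input here; it is not a real Quicktime binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature at 0x40
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, coff_characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def describe(name: str, data: bytes) -> str:
    """One audit line per file: architecture, ASLR status, NX status."""
    f = mitigation_flags(data)
    arch = "PE32+" if f["magic"] == PE32PLUS_MAGIC else "PE32"
    if f["effective_aslr"]:
        aslr = "ASLR"
    elif f["dynamic_base"]:
        aslr = "ASLR-flag-but-no-relocs"
    else:
        aslr = "no-ASLR"
    nx = "NX" if f["nx_compat"] else "no-NX"
    return f"{name}: {arch} {aslr} {nx}"


if __name__ == "__main__":
    paths = sys.argv[1:]
    if paths:
        for p in paths:  # e.g. the DLLs and EXEs under the Quicktime install directory
            with open(p, "rb") as fh:
                print(describe(p, fh.read()))
    else:
        # Constructed samples: hardened, unflagged, and flagged-but-unrelocatable.
        print(describe("hardened.dll", build_pe(0x0140)))
        print(describe("legacy.dll", build_pe(0)))
        print(describe("stripped.dll", build_pe(0x0040, coff_characteristics=0x0001)))
```

Point it at the DLLs and EXEs in the Quicktime install directory; any line reporting no-ASLR or ASLR-flag-but-no-relocs is the kind of fixed address Maynor is warning about. Keep in mind that these bits only record that the binary opted in: on XP there is no ASLR to opt into, so the flag changes nothing there.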