A zero-day Apple QuickTime flaw for Mac OS X has officially kicked off the MoAB (Month of Apple Bugs). The exploit has been "100% reliable for a current up-to-date x86-based OS X system". Anyone wishing to confirm the vulnerability in their own Intel-based Macs can click on this test link of a specially crafted QuickTime file that will say "happy new year" though the exploit can be easily modified to do more malicious things like delete all of your photos and documents or encrypt them for ransom.
This is the first of many Apple vulnerabilities that will be exposed this month. This exploit is EXTREMELY dangerous because it can be remotely triggered with a malicious email attachment or a specially crafted webpage that will automatically trigger the QuickTime "movie" which is actually not a movie but a malicious payload. The exploit is in weaponized Metasploit form and there are no patches available. Disabling QuickTime playback in the web browser of choice might be the only temporary work-around at this time. Mac users should also avoid opening QuickTime files they receive in email unless they're sure the file is from someone they trust and it's intended for them.
