Apple patches QuickTime bug
Fruity
24th January 2007 12:48 GMT
Apple has fixed a flaw in its QuickTime media playback software that allowed malicious coders to install malware onto vulnerable systems.
The vulnerability - which affects both Windows and Mac OS X PCs - was published as part of the "Month of Apple Bugs" project, which involves a plan to release details of previously undisclosed Mac OS X or Apple application security bugs every day in January.
The QuickTime flaw involves an error in processing malformed Real Time Streaming Protocol (RTSP) URLs. As a result, users tricked into running malformed QuickTime files or who visit a hacker website hosting exploit code are liable to find their systems compromised due to this stack-based buffer overflow bug.
The flaw attracted particular attention because of the availability of exploit code targeting it, which greatly increased the risk it posed.
Apple has released fixes for QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000as (explained here), which users are advised to apply in order to guard against exploitation. ®
Register Hardware » News » Mac
Print
Retweet
Apple 13.3" MacBook Pro Notebook (2.26GHz Intel Core 2 Duo Mobile, 2GB DDR3, 160GB HDD, DVD±RW DL, Mac OS X v10.5 Leopard, 13.3" LCD)
Apple MacBook Notebook (2.4GHz Intel Core 2 Duo Mobile, 2GB DDR3, 250GB HDD, DVD±RW DL, Mac OS X v10.6 Snow Leopard, 13.3" LCD)
Apple iMac All-In-One Desktop (3.06GHz Intel Core 2 Duo, 4GB DDR2, 1TB, DVD+-RW DL, Mac OS X v10.5 Snow Leopard, 27" LCD)
Apple iMac All-In-One Desktop (3.06GHz Intel Core 2 Duo, 4GB DDR2, 500GB, DVD+-RW DL, Mac OS X v10.5 Snow Leopard, 21.5" LCD)
Apple 13.3" MacBook Air Notebook (1.6GHz Intel Core 2 Duo Mobile, 2GB DDR3, 120GB HDD, Mac OS X v10.5 Leopard, 13.3" LCD)
