Apple fixes multiple QuickTime security flaws

Bill Brenner

Apple Computer Inc. has fixed a variety of QuickTime flaws attackers could exploit to cause a denial of service or launch malicious code.

The security holes affect Mac OS X and Windows platforms where the media player is running.

Apple has released an updated version of QuickTime, 7.0.4, to fix the problems.

According to the Cupertino, Calif.-based company:

The first problem is that a maliciously crafted QTIF image could be used to launch malicious code. "By carefully crafting a corrupt QTIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of GIF images."

The second problem is that viewing a maliciously crafted TGA image could be used to launch malicious code. "By carefully crafting a corrupt TGA image, an attacker can trigger a buffer overflow, integer overflow, or integer underflow that may result in a denial of service or arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of TGA images."

The third problem is that viewing a maliciously crafted TIFF image could be used to launch malicious code. "By carefully crafting a corrupt TIFF image, an attacker can trigger an integer overflow that may result in a denial of service or arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of TIFF images."

The fourth problem is that a maliciously crafted GIF image could be used to launch malicious code. "By carefully crafting a corrupt GIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of GIF images."

The fifth problem is that a maliciously crafted media file could be used to launch malicious code. "By carefully crafting a corrupt media file, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of media files."
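As an added illustration of the "additional validation" the advisory describes for image parsers (this is not Apple's code and is not taken from the advisory), the C function below checks a TGA header's size fields before any buffer would be allocated. The function name, the 64 MiB cap and the two sample buffers are assumptions constructed for this example, and it handles uncompressed TGA types only.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TGA_HEADER_LEN 18u
#define MAX_PIXEL_BYTES (64u * 1024u * 1024u) /* assumed policy cap, not from the advisory */

/* Constructed samples: a 2x2 24-bit image, and a header claiming 65535x65535 at 32 bits. */
static const uint8_t SAMPLE_OK[30]   = {0,0,2, 0,0,0,0,0, 0,0,0,0, 2,0, 2,0, 24,0};
static const uint8_t SAMPLE_HUGE[18] = {0,0,2, 0,0,0,0,0, 0,0,0,0, 0xFF,0xFF, 0xFF,0xFF, 32,0};

static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] | ((unsigned)p[1] << 8); }

/* Returns the pixel-buffer size in bytes, or -1 if the file must be rejected. */
int64_t tga_checked_size(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < TGA_HEADER_LEN) return -1;
    unsigned id_len = buf[0], cmap_type = buf[1], img_type = buf[2];
    unsigned cmap_len = rd16(buf + 5), cmap_bits = buf[7];
    unsigned width = rd16(buf + 12), height = rd16(buf + 14), depth = buf[16];

    if (img_type != 1 && img_type != 2 && img_type != 3) return -1; /* uncompressed only */
    if (cmap_type > 1 || (img_type == 1 && cmap_type != 1)) return -1;
    if (depth != 8 && depth != 16 && depth != 24 && depth != 32) return -1;
    if (width == 0 || height == 0) return -1;

    /* width * height * bytes-per-pixel in 64 bits: 65535 * 65535 * 4 cannot wrap here,
       whereas the same product computed in 32 bits would wrap to a small value. */
    uint64_t pixels = (uint64_t)width * height * (depth / 8);
    if (pixels > MAX_PIXEL_BYTES) return -1;

    /* Sum the offsets and compare to len; never subtract from len, so nothing underflows. */
    uint64_t cmap_bytes = cmap_type ? (uint64_t)cmap_len * ((cmap_bits + 7) / 8) : 0;
    uint64_t need = TGA_HEADER_LEN + id_len + cmap_bytes + pixels;
    if (need > len) return -1; /* file is shorter than its header claims */
    return (int64_t)pixels;
}

int main(void)
{
    printf("ok:        %lld\n", (long long)tga_checked_size(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("truncated: %lld\n", (long long)tga_checked_size(SAMPLE_OK, sizeof SAMPLE_OK - 1));
    printf("huge:      %lld\n", (long long)tga_checked_size(SAMPLE_HUGE, sizeof SAMPLE_HUGE));
    return 0;
}
```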
