Article

Apple updates QuickTime to plug serious flaw

SearchSecurity.com Staff

Apple Inc. today released a new version of QuickTime to address a serious zero-day flaw in the media player that could have been exploited to cause a buffer-overflow and hijack vulnerable

    Requires Free Membership to View

computers.

The Apple update of QuickTime 7.3.1 addresses a boundary error that surfaces when affected machines try to process RTSP replies.

"This update addresses the issue by ensuring that the destination buffer is sized to contain the data," Apple said in its advisory to customers.

The update is available for Quicktime running on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, and Windows Vista, XP SP2.

A proof-of-concept code was available that could be used to trigger remote code execution for QuickTime on Microsoft Windows Vista and XP, as well as versions of Mac OS X.

"Successful exploitation allows execution of arbitrary code and requires that the user is tricked into opening a malicious QTL file or visiting a malicious Web site," Danish vulnerability clearinghouse Secunia said in its advisory.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: