
Apple updates QuickTime to plug serious flaw

Apple worked quickly to address the zero-day buffer-overflow flaw in its widely used QuickTime media player because exploit code surfaced late last month.

Apple Inc. today released a new version of QuickTime to address a serious zero-day flaw in the media player that could have been exploited to cause a buffer overflow and hijack vulnerable computers.

The Apple update of QuickTime 7.3.1 addresses a boundary error that surfaces when affected machines try to process RTSP replies.

"This update addresses the issue by ensuring that the destination buffer is sized to contain the data," Apple said in its advisory to customers.
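The class of fix Apple describes, sizing the destination from the data rather than copying into a fixed buffer, can be sketched as follows. This is an added example, not Apple's code and not from the original article; the article does not say which part of the RTSP reply was affected, so the header name, the `header_dup` function and its `max_len` limit are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case-insensitive match of "name:" at the start of a header line. */
static int name_matches(const char *line, const char *name, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return line[n] == ':';
}

/* Value of header `name` in an RTSP reply (length in *len), or NULL. */
static const char *find_header(const char *reply, const char *name, size_t *len) {
    size_t n = strlen(name);
    const char *line = strstr(reply, "\r\n");        /* end of status line */
    while (line && *(line += 2) != '\0' && *line != '\r') {
        const char *eol = strstr(line, "\r\n");
        if (!eol) return NULL;                       /* truncated reply */
        if ((size_t)(eol - line) > n && name_matches(line, name, n)) {
            const char *v = line + n + 1;
            while (v < eol && (*v == ' ' || *v == '\t')) v++;
            *len = (size_t)(eol - v);
            return v;
        }
        line = eol;
    }
    return NULL;
}

/* Destination sized from the data and bounded by max_len (a limit assumed for
 * this example). The unsafe pattern copies into a fixed buffer unchecked. */
char *header_dup(const char *reply, const char *name, size_t max_len) {
    size_t len = 0;
    const char *v = find_header(reply, name, &len);
    if (!v || len > max_len) return NULL;   /* absent, or larger than allowed */
    char *out = calloc(len + 1, 1);         /* +1 keeps a terminating NUL */
    if (out) memcpy(out, v, len);
    return out;
}

int main(void) {
    /* Constructed sample reply, not captured traffic. */
    const char *reply = "RTSP/1.0 200 OK\r\nCSeq: 2\r\nServer: ExampleServer/1.0\r\n\r\n";
    char *v = header_dup(reply, "server", 256);
    printf("%s\n", v ? v : "(rejected)");
    free(v);
}
```

A value longer than `max_len` is rejected before any allocation or copy, so an oversized field in a reply cannot write past the destination.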

The update is available for QuickTime running on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, and Windows Vista, XP SP2.

Proof-of-concept code was available that could be used to trigger remote code execution for QuickTime on Microsoft Windows Vista and XP, as well as versions of Mac OS X.

"Successful exploitation allows execution of arbitrary code and requires that the user is tricked into opening a malicious QTL file or visiting a malicious Web site," Danish vulnerability clearinghouse Secunia said in its advisory.
