Apple updates QuickTime to plug serious flaw

Apple worked quickly to address the zero-day buffer-overflow flaw in its widely used QuickTime media player, becuase exploit code surfaced late last month.

Apple Inc. today released a new version of QuickTime to address a serious zero-day flaw in the media player that could have been exploited to cause a buffer-overflow and hijack vulnerable computers.

The Apple update of QuickTime 7.3.1 addresses a boundary error that surfaces when affected machines try to process RTSP replies.

"This update addresses the issue by ensuring that the destination buffer is sized to contain the data," Apple said in its advisory to customers.

The update is available for Quicktime running on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, and Windows Vista, XP SP2.

A proof-of-concept code was available that could be used to trigger remote code execution for QuickTime on Microsoft Windows Vista and XP, as well as versions of Mac OS X.

"Successful exploitation allows execution of arbitrary code and requires that the user is tricked into opening a malicious QTL file or visiting a malicious Web site," Danish vulnerability clearinghouse Secunia said in its advisory.

Dig deeper on Application Attacks (Buffer Overflows, Cross-Site Scripting)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close