Apple updates QuickTime to plug dangerous flaw

Media processing errors could be exploited remotely by an attacker to gain control of a victim's machine.

Apple plugged a hole in its popular QuickTime media player, fixing several media processing errors that could be exploited to gain access to a victim's machine.

Apple released QuickTime version 7.5, which plugs the flaws. It issued an advisory Tuesday confirming the flaw.

Apple said a boundary error existed in the media player. It could have been exploited to cause a heap-based buffer overflow. QuickTime also had a memory corruption issue when processing AAC-encoded media, Indeo video codecs and PICT files.

Danish vulnerability clearinghouse Secunia, labeled the threat "highly critical" in its Secunia SA29293 advisory.

"Successful exploitation of these vulnerabilities may allow execution of arbitrary code," Secunia said.

The French Security Incident Response Team (FrSIRT) also issued an advisory, calling the flaw critical.

FrSIRT said a remote attacker could take complete control of a system.

"'file:' URLs, which could be exploited by remote attackers to crash an affected application, launch arbitrary applications and files on a vulnerable system, or execute malicious code by tricking a user into visiting a specially crafted Web page or opening a malformed file," FrSIRT researchers said.

Dig deeper on Securing Productivity Applications

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close