Article

Apple updates QuickTime to plug dangerous flaw

SearchSecurity.com Staff

Apple plugged a hole in its popular QuickTime media player, fixing several media processing errors that could be exploited to gain access to a victim's machine.

Apple released QuickTime version 7.5, which plugs the flaws. It issued an advisory Tuesday

    Requires Free Membership to View

confirming the flaw.

Apple said a boundary error existed in the media player. It could have been exploited to cause a heap-based buffer overflow. QuickTime also had a memory corruption issue when processing AAC-encoded media, Indeo video codecs and PICT files.

Danish vulnerability clearinghouse Secunia, labeled the threat "highly critical" in its Secunia SA29293 advisory.

"Successful exploitation of these vulnerabilities may allow execution of arbitrary code," Secunia said.

The French Security Incident Response Team (FrSIRT) also issued an advisory, calling the flaw critical.

FrSIRT said a remote attacker could take complete control of a system.

"'file:' URLs, which could be exploited by remote attackers to crash an affected application, launch arbitrary applications and files on a vulnerable system, or execute malicious code by tricking a user into visiting a specially crafted Web page or opening a malformed file," FrSIRT researchers said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: