Apple plugged a hole in its popular QuickTime media player, fixing several media processing errors that could be exploited to gain access to a victim's machine.
Apple released QuickTime version 7.5, which plugs the flaws. It issued an advisory Tuesday
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
confirming the flaw.
Apple said a boundary error existed in the media player. It could have been exploited to cause a heap-based buffer overflow. QuickTime also had a memory corruption issue when processing AAC-encoded media, Indeo video codecs and PICT files.
Danish vulnerability clearinghouse Secunia, labeled the threat "highly critical" in its Secunia SA29293 advisory.
"Successful exploitation of these vulnerabilities may allow execution of arbitrary code," Secunia said.
The French Security Incident Response Team (FrSIRT) also issued an advisory, calling the flaw critical.
FrSIRT said a remote attacker could take complete control of a system.
"'file:' URLs, which could be exploited by remote attackers to crash an affected application, launch arbitrary applications and files on a vulnerable system, or execute malicious code by tricking a user into visiting a specially crafted Web page or opening a malformed file," FrSIRT researchers said.