Apple fixes critical QuickTime flaws

Media processing errors can be exploited by an attacker by passing malicious files. A successful attack could allow a person to gain access to critical files.

Apple released an update for its QuickTime player, repairing multiple vulnerabilities that could be exploited to gain access to critical files.
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The flaws affect all versions of the media player, Apple said. The software maker released version 7.6 of the QuickTime player to repair the flaws.

Apple repaired a boundary error that exists when the player attempts to process real time streaming protocols (RTSP). The error could be exploited by an attacker to cause a buffer overflow condition.

A number of other errors plague the QuickTime player. It contains processing errors that could result in a buffer overflow if it attempts to process malicious H 263 encoded files, AVI files, and MPEG-2 and QuickTime Virtual Reality movie files.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating in its alert to customers. In its advisory, Secunia said attackers can pass the malicious files to a victim remotely in an attempt to exploit the flaws.

Dig deeper on Securing Productivity Applications



Enjoy the benefits of Pro+ membership, learn more and join.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: