Article

Apple fixes critical QuickTime flaws

SearchSecurity.com Staff

Apple released an update for its QuickTime player, repairing multiple vulnerabilities that could be exploited to gain access to critical files.

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The flaws affect all versions of the media player, Apple said. The software maker released version 7.6 of the QuickTime player to repair the flaws.

Apple repaired a boundary error that exists when the player attempts to process real time streaming protocols (RTSP). The error could be exploited by an attacker to cause a buffer overflow condition.

A number of other errors plague the QuickTime player. It contains processing errors that could result in a buffer overflow if it attempts to process malicious H 263 encoded files, AVI files, and MPEG-2 and QuickTime Virtual Reality movie files.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating in its alert to customers. In its advisory, Secunia said attackers can pass the malicious files to a victim remotely in an attempt to exploit the flaws.


Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.