Home > Security News > Apple fixes multiple QuickTime flaws
Security News:
EMAIL THIS LICENSING & REPRINTS

Apple fixes multiple QuickTime flaws

By Bill Brenner, Senior News Writer
11 Jan 2006 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Apple Computer Inc. has fixed a variety of QuickTime flaws attackers could exploit to cause a denial of service or launch malicious code.

The security holes affect Mac OS X and Windows platforms where the media player is running. Apple has released an updated version of QuickTime, 7.0.4, to fix the problems.

According to the Cupertino, Calif.-based company:

More on Apple security

Apple patches 13 flaws in Mac OS X

Multiple flaws in Apple QuickTime (fourth item)

Apple fixes Mac OS X flaws (third item)

The first problem is that a maliciously-crafted QTIF image could be used to launch malicious code. "By carefully crafting a corrupt QTIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of GIF images."

The second problem is that viewing a maliciously-crafted TGA image could be used to launch malicious code. "By carefully crafting a corrupt TGA image, an attacker can trigger a buffer overflow, integer overflow, or integer underflow that may result in a denial of service or arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of TGA images."

The third problem is that viewing a maliciously-crafted TIFF image could be used to launch malicious code. "By carefully crafting a corrupt TIFF image, an attacker can trigger an integer overflow that may result in a denial of service or arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of TIFF images."

The fourth problem is that a maliciously-crafted GIF image could be used to launch malicious code. "By carefully crafting a corrupt GIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of GIF images."

The fifth problem is that a maliciously-crafted media file could be used to launch malicious code. "By carefully crafting a corrupt media file, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of media files."

Sound Off! -   


Tags: Mac OS SecurityApplication Attacks (Buffer Overflows, Cross-Site Scripting)VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts