Home > Security News > Apple fixes critical QuickTime flaw
Security News:
EMAIL THIS

Apple fixes critical QuickTime flaw

By Bill Brenner, Senior News Writer
24 Jan 2007 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Apple has fixed a flaw in its widely used QuickTime media player that left users' machines open to bot infections. The flaw was first disclosed at the start of the month when the vulnerability researcher known as LMH kicked off his "Month of Apple Bugs" project.

In a posting on his Apple Fun blog, LMH described the flaw as a stack overflow error that surfaces when the program handles a malformed "rtsp" URL. To exploit this, attackers could set up a malicious Web site and lure users there. Or, they could trick users into opening a malicious .qtl file.

Apple confirmed those findings in its security advisory 2007-001.

"By enticing a user to access a maliciously-crafted rtsp URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution," Apple said. "A .qtl file that triggers this issue has been published on the Month of Apple Bugs web site. This update addresses the issue by performing additional validation of rtsp URLs."

Apple said the security update is available for QuickTime 7.1.3 on Mac OS X 10.3.9, Mac OS X Server 10.3.9; Mac OS X 10.4.8; Mac OS X Server v10.4.8; and Windows XP/2000.

Tags: Alternative OS security: Mac, Linux, Unix, etc.VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google



RELATED CONTENT
Alternative OS security: Mac, Linux, Unix, etc.
Machiavelli Mac OS X rootkit unveiled at Black Hat
How secure is 'Platform as a Service (PaaS)?'
Security comparison: Mac OS X vs. Windows
Mac OS memory flaws pose challenges for enterprise endpoint protection
Rootkit Hunter demo: Detect and remove Linux rootkits
Oracle to buy Sun Microsystems for $7.4 billion
How to harden Linux operating systems
Serious holes in Mac OS X memory, researcher shows
What is the best operating system for an FTP server implementation?
Black Hat DC 2009: Mac OS attack method
Alternative OS security: Mac, Linux, Unix, etc. Research

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
trusted computing  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



More Tips to Secure Your Network
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts