
Apple fixes multiple QuickTime flaws

By Bill Brenner, Senior News Writer
06 Mar 2007 | SearchSecurity.com


Apple Monday urged users of its QuickTime media player to upgrade to the latest version to correct multiple security flaws attackers could exploit to run insidious code on targeted machines by luring the user to a malicious Web site.

The French Security Incident Response Team (FrSIRT) rated the flaws critical in an 0825 advisory. It described the flaws as:

  • An integer overflow error that surfaces when the media player handles malformed 3GP video files.
  • A heap overflow error that surfaces when the media player handles a specially crafted MIDI file.
  • A buffer overflow error that occurs when the media player processes malformed QuickTime movies.
  • An integer overflow error that occurs when the media player handles malformed UDTA atoms in movie files.
  • A heap overflow error that occurs when the media player processes malformed PICT files.
  • Stack, integer and heap overflow errors that occur when the media player handles a malformed or specially crafted QTIF file.

The flaws affect Apple QuickTime 7.1.4 and prior. The solution is to upgrade to QuickTime 7.1.5.

Apple had previously updated QuickTime in January to fix a flaw that left users' machines open to bot infections.

That flaw was disclosed at the start of the year by the vulnerability researcher known as LMH. The researcher disclosed a variety of Apple flaws as part of his "Month of Apple Bugs" project.
