
	Home > Security News > Apple updates QuickTime to plug dangerous flaw

Security News:

EMAIL THIS

Apple updates QuickTime to plug dangerous flaw

By SearchSecurity.com Staff
10 Jun 2008 | SearchSecurity.com

Security Wire Daily News

Digg This! StumbleUpon Del.icio.us

Apple plugged a hole in its popular QuickTime media player, fixing several media processing errors that could be exploited to gain access to a victim's machine.

Apple released QuickTime version 7.5, which plugs the flaws. It issued an advisory Tuesday confirming the flaw.

Apple said a boundary error existed in the media player. It could have been exploited to cause a heap-based buffer overflow. QuickTime also had a memory corruption issue when processing AAC-encoded media, Indeo video codecs and PICT files.

Danish vulnerability clearinghouse Secunia, labeled the threat "highly critical" in its Secunia SA29293 advisory.

"Successful exploitation of these vulnerabilities may allow execution of arbitrary code," Secunia said.

The French Security Incident Response Team (FrSIRT) also issued an advisory, calling the flaw critical.

FrSIRT said a remote attacker could take complete control of a system.

"'file:' URLs, which could be exploited by remote attackers to crash an affected application, launch arbitrary applications and files on a vulnerable system, or execute malicious code by tricking a user into visiting a specially crafted Web page or opening a malformed file," FrSIRT researchers said.

Tags: Securing Productivity Applications, Alternative OS security: Mac, Linux, Unix, etc., VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Securing Productivity Applications
	How to detect software tampering
	Adobe fixes 29 flaws in Acrobat, Reader
	Adobe warns of critical update for Reader, Acrobat 9.1.3
	Why should we place data files on a separate partition than the OS?
	Adobe updates ColdFusion, JRun, Flex
	Serious Adobe Flash flaw being exploited
	Adobe acknowledges serious Flash zero-day vulnerability
	Adobe issues security advisory for Flash zero-day flaw
	When to use the service features of the Metasploit hacking tool
	How to manage patches for Adobe

Alternative OS security: Mac, Linux, Unix, etc.

Machiavelli Mac OS X rootkit unveiled at Black Hat

How secure is 'Platform as a Service (PaaS)?'

Security comparison: Mac OS X vs. Windows

Mac OS memory flaws pose challenges for enterprise endpoint protection

Rootkit Hunter demo: Detect and remove Linux rootkits

Oracle to buy Sun Microsystems for $7.4 billion

How to harden Linux operating systems

Serious holes in Mac OS X memory, researcher shows

What is the best operating system for an FTP server implementation?

Black Hat DC 2009: Mac OS attack method

Alternative OS security: Mac, Linux, Unix, etc. Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

sheepdip (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

More Tips to Secure Your Network

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy