
	Home > Security News > Apple updates QuickTime to plug dangerous flaw

Security News:

EMAIL THIS

Apple updates QuickTime to plug dangerous flaw

By SearchSecurity.com Staff
10 Jun 2008 | SearchSecurity.com

Security Wire Daily News

Digg This! StumbleUpon Del.icio.us

Apple plugged a hole in its popular QuickTime media player, fixing several media processing errors that could be exploited to gain access to a victim's machine.

Apple released QuickTime version 7.5, which plugs the flaws. It issued an advisory Tuesday confirming the flaw.

Apple said a boundary error existed in the media player. It could have been exploited to cause a heap-based buffer overflow. QuickTime also had a memory corruption issue when processing AAC-encoded media, Indeo video codecs and PICT files.

Danish vulnerability clearinghouse Secunia, labeled the threat "highly critical" in its Secunia SA29293 advisory.

"Successful exploitation of these vulnerabilities may allow execution of arbitrary code," Secunia said.

The French Security Incident Response Team (FrSIRT) also issued an advisory, calling the flaw critical.

FrSIRT said a remote attacker could take complete control of a system.

"'file:' URLs, which could be exploited by remote attackers to crash an affected application, launch arbitrary applications and files on a vulnerable system, or execute malicious code by tricking a user into visiting a specially crafted Web page or opening a malformed file," FrSIRT researchers said.

Tags: Securing Productivity Applications, Alternative OS security: Mac, Linux, Unix, etc., VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Securing Productivity Applications
	Adobe ColdFusion websites being compromised
	Adobe fixes critical Shockwave Flash Player flaw
	Adobe issues first quarterly patch release fixing 13 flaws
	Adobe shifts to Microsoft patching process, incident response plan
	Balancing security and performance: Protecting layer 7 on the network
	Software Piracy pandemic needs government role, better vendor antipiracy plans
	McAfee to acquire Solidcore Systems for whitelisting
	Adobe issues Reader update fixing zero-day flaw
	Microsoft to patch critical PowerPoint zero-day flaw
	PCI DSS: Best practices for compliance

Alternative OS security: Mac, Linux, Unix, etc.

Mac OS memory flaws pose challenges for enterprise endpoint protection

Rootkit Hunter demo: Detect and remove Linux rootkits

Oracle to buy Sun Microsystems for $7.4 billion

How to harden Linux operating systems

Serious holes in Mac OS X memory, researcher shows

What is the best operating system for an FTP server implementation?

Black Hat DC 2009: Mac OS attack method

New hacking method stealthily attacks Macs with malware

Apple fixes critical QuickTime flaws

User provisioning and SSO for PeopleSoft- and Unix-based products

Alternative OS security: Mac, Linux, Unix, etc. Research

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

sheepdip (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

More Tips to Secure Your Network
Focused on Channel Security?

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy