News Stay informed about the latest enterprise technology news and product updates.

Another day, another QuickTime zero-day

Here we go again …

Vulnerability researcher Luigi Auriemma has reported an Apple QuickTime flaw attackers could exploit to hijack targeted machines.

The problem is a boundary error in how RTSP replies are handled, and it can be exploited to cause a buffer overflow by sending a specially crafted reply containing an overly-long “Reason-Phrase.” From there, the attacker could then trick the user into opening a malicious .qtl file or visiting a malicious Web site.

The vulnerability is reported in version 7.3.1.70.

Danish vulnerability clearinghouse Secunia recommends users avoid untrusted Web sites and .qtl files.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close