News Stay informed about the latest enterprise technology news and product updates.

Apple updates QuickTime to plug serious flaw

Apple worked quickly to address the zero-day buffer-overflow flaw in its widely used QuickTime media player, becuase exploit code surfaced late last month.

Apple Inc. today released a new version of QuickTime to address a serious zero-day flaw in the media player that could have been exploited to cause a buffer-overflow and hijack vulnerable computers.

The Apple update of QuickTime 7.3.1 addresses a boundary error that surfaces when affected machines try to process RTSP replies.

"This update addresses the issue by ensuring that the destination buffer is sized to contain the data," Apple said in its advisory to customers.

The update is available for Quicktime running on Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, and Windows Vista, XP SP2.

A proof-of-concept code was available that could be used to trigger remote code execution for QuickTime on Microsoft Windows Vista and XP, as well as versions of Mac OS X.

"Successful exploitation allows execution of arbitrary code and requires that the user is tricked into opening a malicious QTL file or visiting a malicious Web site," Danish vulnerability clearinghouse Secunia said in its advisory.

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.