Apple patches QuickTime bug | The Register

Skip to content

Security:

News Tools

Reg Shops

Top Stories

Read more top stories

Related Whitepapers

What Every E-Business Should Know about SSL Security and Consumer Trust
A Verisign Business Guide
SSL in High-Security Browsers
The Browser Security Revolution
The Strategic Role of IT Culture in Business Performance
The Register Desktop Support Seminar
Podcast : Why Today's Spam Filters Fail
Listen or download now
The Register Guides : The status of iSCSI
A Primer on Internet SCSI, a protocol to transport SCSI commands over IP
Virtualization Management
John Gilmartin on Virtualization Management

The Register » Security »

Apple patches QuickTime bug

Fruity

By John Leyden → More by this author

Published Wednesday 24th January 2007 12:48 GMT

How IT Management Can "Green" the Data Center - Free Download

Apple has fixed a flaw in its QuickTime media playback software that allowed malicious coders to install malware onto vulnerable systems.

The vulnerability - which affects both Windows and Mac OS X PCs - was published as part of the "Month of Apple Bugs" project, which involves a plan to release details of previously undisclosed Mac OS X or Apple application security bugs every day in January.

The QuickTime flaw involves an error in processing malformed Real Time Streaming Protocol (RTSP) URLs. As a result, users tricked into running malformed QuickTime files or who visit a hacker website hosting exploit code are liable to find their systems compromised due to this stack-based buffer overflow bug.

The flaw attracted particular attention because of the availability of exploit code targeting it, which greatly increased the risk it posed.

Apple has released fixes for QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000as (explained here), which users are advised to apply in order to guard against exploitation. ®

Fixed to Fluid: Enabling Data Center Metamorphosis - Free download

Track this type of story as a custom Atom/RSS feed or by email.

Related stories

RealPlayer users warned over unpatched vuln (3 January 2008)
Security maven: QuickTime flaw threatens PCs, Macs (12 September 2007)
Serious security hole plugged in RealPlayer and HelixPlayer (28 June 2007)
Apple patches more than a dozen holes in OS X (25 May 2007)
Apple patches security hole in QuickTime (2 May 2007)
QuickTime, not Safari, to blame for MacBook vuln (25 April 2007)
Safari zero-day exploit nets $10,000 prize (20 April 2007)
Exploit for latest Windows vuln already animated (30 March 2007)
MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
Apple megapatch fixes multiple flaws (14 March 2007)
Apple QuickTime update lances multiple bugs (6 March 2007)
Bug brokers offering higher bounties (25 January 2007)
Month of Apple Bugs scheme yields first fixes (5 January 2007)
Unpatched bug bites QuickTime (3 January 2007)
Apple updates to defend against OS, app and QuickTime flaws (15 May 2006)

Post to Slashdot

Add to del.icio.us

Previous Article

From small embedded OS to the world's most used open mobile OS

whitepaper title

The Register Guides : The status of iSCSI

Now that the hype's abated, have companies backing iSCSI have run out of energy and patience, or is the technology becoming commonplace and accepted?.

whitepaper title

Webcast : Why Today's Spam Filters Fail

This webcast covers the cost of spam, how we filter spam today; why it's not good enough, and the advantages of Abaca's new ReceiverNet technology..

Whitepapers
Competitive Advantages Abound for Discrete Mid-Market Manufacturers Software Smart Cards via Cryptographic Camouflage How to achieve Customer Intimacy Making mobility manageable

How IT Management Can "Green" the Data Center

A Gartner Report

Download for free NOW

Top 20 stories • All The Week’s Headlines • Archive • Search