Apple patches QuickTime flaw

News

Apple patches QuickTime flaw

Antony Savvas

Apple has patched a critical security flaw in its QuickTime media software.

The company has issued the patch after exploit code for the flaw had already appeared on the internet.

Security Update 2007-001 can be downloaded and installed via Apple Software Update preferences or from Apple Downloads.

The flaw leaves users’ systems open to remote attack if they visit certain malicious websites, confirmed Apple.
   
The security hole is a result of a buffer overflow opportunity that exists in QuickTime's handling of RTSP URLs.

By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution.

The update addresses the issue by performing additional validation of RTSP URLs, said Apple.

Critical security bug found in Apple OS

Month of Apple bugs

Comment on this article: computer.weekly@rbi.co.uk

Related Topics: PC hardware, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.
 

COMMENTS powered by Disqus  //  Commenting policy