We are currently experiencing server issues, please excuse any mess. More details are availble here.
Apple patches QuickTime exploit published by MoAB websiteApple on Tuesday released a security update for its QuickTime digital media software in response to a vulnerability discovered by security researchers associated with the Month of Apple Bugs website.
The Cupertino-based company said Security Update 2007-001 — its first security update of the 2007 calendar year — plugs an exploit where QuickTime users visiting maliciously crafted websites could fall victim to arbitrary code execution.
"A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution," the company said. "A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007)."
Apple added that its fix for the issue includes performing additional validation of RTSP URLs.
The security update is available for QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, and Windows XP/2000.
The Month of Apple Bugs initiative is an effort by security analysts to improve Apple's Mac OS X operating system, uncovering and finding security flaws in different versions of the company's software and third-party applications.
Apple's security update released Tuesday targets the first of those reported flaws. The Month of Apple Bugs website has since gone on to list 21 additional vulnerabilities in Mac OS X related software, one for each day of the month.
On Topic: General
- Apple CEO Tim Cook to headline Sen. Orrin Hatch's Utah Tech Tour on Friday
- Spotify reportedly engaging SoundCloud in advanced buyout negotiations
- Apple partners with leading business service provider Deloitte for enterprise IT
- Second man pleads gulity in 'Celebgate' hacks of iCloud & Gmail accounts
- Apple to house 1,400 employees at London's restored Battersea Power Station starting in 2021