toggle

AAPL Stock: 497.67 ( 0 )

Apple security update fixes QuickTime flaw

updated 04:40 pm EST, Tue January 23, 2007

Apple Security Update


Apple today released Security Update 2007-001, fixing a vulnerability in QuickTime 7.1.3 in various Mac OS X versions that could lead to arbitrary code execution. The buffer overflow exists in QuickTime's handling of RTSP URLs, according to Apple, and is triggered when an unsuspecting user accesses one of these maliciously-crafted addresses. The update addresses the bug -- which was demonstrated in a QTL file that triggers the issue, published earlier this month -- by performing additional validation of RTSP URLs. The vulnerability affects Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.8, Mac OS X Server 10.4.8, and Windows 2000/XP. The update is available for free from Apple's website, and is recommended for all users.


by MacNN Staff

print
email
(7)

TAGS :

 software

Related Articles

Recent Articles

toggle

Comments

  1. jpellino

    Fresh-Faced Recruit

    Joined: Oct 1999

    0
    01/23, 06:04pm | report spam | Reply |

    so much for MOAB

    moab's claim was that apple either doesn't respond or is hostile to security claims - is clearly nonsense. this fix is right in line with all the other fixes apple has released, 99% of them with no push from MOAB's tactics.

  1. fubar_this

    Fresh-Faced Recruit

    Joined: Jul 2006

    0
    01/23, 09:54pm | report spam | Reply |

    um moab was right

    Apple took 23 days to patch this. Microsoft and many other vendors patch critical security flaws (which this is) much more quickly. Microsoft fixed the wmp file vulnerability in 2 days. Most zero day vulnerabilities in Windows have been fixed within 3 days. Apple took 23 days. For a company that supposedly prides themselves on security that's a LOONG time. Consider this: in many companies, if a zero day flaw appears in Word or Internet Explorer, companies restrict usage of those applications to limit exposure. When the Word zero day flaw hit a couple weeks ago, my company temporarily suspended incoming Word attachments until Microsoft fixed the flaw 2 days later. If Macs were widely used, the equivalent policy would have blocked QuickTime access for 23 days.

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0
    01/24, 12:24pm | report spam | Reply |

    secuirty update problem

    There's one other huge problem with Apple's security updates. If you're not an Administrator on your computer (say, for example, you listened to all those experts who say "to restrict exposure to problems, be a normal user and login as an admin when you have to"), you never get Apple's security updates. Apple doesn't have an "automatically download and install updates" option. The best they've got is "Download and let me know when its ready", but even that only works for admin accounts.

    So, with Apple, you either have to stay in touch constantly with security update bulletins, or log in as an admin user once a week just to see if somethings out there.

  1. Gepard

    Fresh-Faced Recruit

    Joined: Sep 2000

    0
    01/24, 01:07pm | report spam | Reply |

    Re: secuirty update

    testudo, you are probably a typical PC user. What are you talking about? That just means if you are not an administrator you must not touch anything related to the System. You probably don't own that Mac or you are just a kid that have a limited access to it.

    If you are the owner, there is no reasons not to be an administrator. There is no "problems" you are talking about, this is not a PC. It is a very secure machine, unless you don't trust yourself or don't know what you are doing.

  1. tsmelker

    Fresh-Faced Recruit

    Joined: Feb 2006

    0
    01/24, 02:12pm | report spam | Reply |

    Trouble with the update

    After I installed this update this morning, my Griffin PowerMate programmable control k*** stopped responding. I have Griffin Tech Support looking into this issue. Anyone else had problems with this update?

  1. zac4mac

    Mac Elite

    Joined: Oct 1999

    0
    01/24, 04:21pm | report spam | Reply |

    wasted breath gepard...

    Turtle boy's a troll.

    Z

  1. tsmelker

    Fresh-Faced Recruit

    Joined: Feb 2006

    0
    01/24, 06:20pm | report spam | Reply |

    Troll alert

    ... so is Fubar.

Login Here

Not a member of the MacNN forums? Register now for free.

 
close
Photo
toggle

Network Headlines

toggle

Most Popular

10 Most Read

Recent Reviews

Logitech Cube

The world of mice could often be described charitably as stagnant: it's an endless sea of ergonomic shapes that assume you're sitting ...

NewerTech and Targus USB Hubs For Gifts

A useful holiday present to resolve an ongoing frustration is a multi-port hub. Whether as a stocking stuffer, Chanukah present, or an ...

X-Rite ColorMunki Photo

Color calibration is the art of tweaking your monitor so that the colors represented on screen better match real life and your printer ...

toggle

Most Commented

10 Most Discussed

 

Popular News