
01/23/2007, 4:40pm, EST

Tuesday, January 23rd

Apple security update fixes QuickTime flaw

Apple today released Security Update 2007-001, fixing a vulnerability in QuickTime 7.1.3 in various Mac OS X versions that could lead to arbitrary code execution. The buffer overflow exists in QuickTime's handling of RTSP URLs, according to Apple, and is triggered when an unsuspecting user accesses one of these maliciously crafted addresses. The update addresses the bug -- which was demonstrated in a QTL file that triggers the issue, published earlier this month -- by performing additional validation of RTSP URLs. The vulnerability affects Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.8, Mac OS X Server 10.4.8, and Windows 2000/XP. The update is available for free from Apple's website and is recommended for all users.


Filed under: software




7 comments
so much for MOAB
0
01/23, 6:04pm, EST
MOAB's claim, that Apple either doesn't respond or is hostile to security claims, is clearly nonsense. This fix is right in line with all the other fixes Apple has released, 99% of them with no push from MOAB's tactics.
Fresh-Faced Recruit
Joined Oct 1999
um moab was right
0
01/23, 9:54pm, EST
Apple took 23 days to patch this. Microsoft and many other vendors patch critical security flaws (which this is) much more quickly. Microsoft fixed the wmp file vulnerability in 2 days. Most zero day vulnerabilities in Windows have been fixed within 3 days. Apple took 23 days. For a company that supposedly prides themselves on security that's a LOONG time. Consider this: in many companies, if a zero day flaw appears in Word or Internet Explorer, companies restrict usage of those applications to limit exposure. When the Word zero day flaw hit a couple weeks ago, my company temporarily suspended incoming Word attachments until Microsoft fixed the flaw 2 days later. If Macs were widely used, the equivalent policy would have blocked QuickTime access for 23 days.
Fresh-Faced Recruit
Joined Jul 2006
security update problem
0
01/24, 12:24pm, EST
There's one other huge problem with Apple's security updates. If you're not an Administrator on your computer (say, for example, you listened to all those experts who say "to restrict exposure to problems, be a normal user and login as an admin when you have to"), you never get Apple's security updates. Apple doesn't have an "automatically download and install updates" option. The best they've got is "Download and let me know when it's ready", but even that only works for admin accounts.

So, with Apple, you either have to stay in touch constantly with security update bulletins, or log in as an admin user once a week just to see if something's out there.
Fresh-Faced Recruit
Joined Aug 2001
Re: security update
0
01/24, 1:07pm, EST
testudo, you are probably a typical PC user. What are you talking about? That just means if you are not an administrator you must not touch anything related to the System. You probably don't own that Mac or you are just a kid that has limited access to it.

If you are the owner, there are no reasons not to be an administrator. There are no "problems" you are talking about, this is not a PC. It is a very secure machine, unless you don't trust yourself or don't know what you are doing.
Fresh-Faced Recruit
Joined Sep 2000
Trouble with the update
0
01/24, 2:12pm, EST
After I installed this update this morning, my Griffin PowerMate programmable control knob stopped responding. I have Griffin Tech Support looking into this issue. Anyone else had problems with this update?
Fresh-Faced Recruit
Joined Feb 2006
wasted breath gepard...
0
01/24, 4:21pm, EST
Turtle boy's a troll.

Z
Senior User
Joined Oct 1999
Troll alert
0
01/24, 6:20pm, EST
... so is Fubar.
Fresh-Faced Recruit
Joined Feb 2006