New QuickTime buffer vulnerability exposed

updated 11:30 am EST, Mon November 26, 2007

New QuickTime flaw exposed


Security firm Secunia has disclosed a new vulnerability in the QuickTime media player. Its newly issued advisory describes a boundary error in the processing of RTSP replies that can be triggered by an overly long "Content-Type" header. This leads to a stack-based buffer overflow, which allows attackers to execute arbitrary code. The vulnerability is confirmed only on QuickTime 7.3 at present, however, and requires victims to open a QTL file or visit a malicious website.

Secunia does caution that other versions of QuickTime may be exposed, and that the exploit is already public. Since Apple has yet to respond to the problem, QuickTime users are warned to avoid unfamiliar links and websites, and never to open QTL files from untrusted sources.


by MacNN Staff
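
The class of bug described above, shown from the defensive side: an added example (not QuickTime's code and not from the Secunia advisory) of copying an RTSP reply's Content-Type value into a fixed-size buffer with the length check in place. The names `rtsp_content_type`, `prefix_ieq` and `CT_MAX`, and the 64-byte buffer size, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CT_MAX 64 /* assumed fixed buffer size, not QuickTime's real value */

/* Case-insensitive prefix compare (RTSP header names ignore case). */
static int prefix_ieq(const char *s, const char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)p[i]))
            return 0;
    return 1;
}

/* Copy the Content-Type value of an RTSP reply into out (capacity out_sz).
 * Returns the value length, -1 if the header is absent, -2 if the value
 * does not fit and the reply should be dropped. */
int rtsp_content_type(const char *reply, char *out, size_t out_sz)
{
    static const char name[] = "Content-Type:";
    const size_t name_len = sizeof(name) - 1;

    for (const char *line = reply; *line != '\0'; ) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0)               /* blank line ends the header block */
            break;
        if (len >= name_len && prefix_ieq(line, name, name_len)) {
            const char *val = line + name_len;
            size_t val_len = len - name_len;
            while (val_len > 0 && (*val == ' ' || *val == '\t')) {
                val++;
                val_len--;
            }
            /* The sender controls val_len; the destination is fixed. An
             * unchecked copy here is the kind of boundary error described. */
            if (val_len >= out_sz)
                return -2;
            memcpy(out, val, val_len);
            out[val_len] = '\0';
            return (int)val_len;
        }
        if (eol == NULL)
            break;
        line = eol + 2;
    }
    return -1;
}
```
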

Comments

  1. VValdo

    Dedicated MacNNer

    Joined: May 2001

    0

    Wow...

    this could be bad. Fix, Apple?

    W

  1. VValdo

    Dedicated MacNNer

    Joined: May 2001

    0

    I should add...

    I think Leopard's library randomization may help... so actually Tiger users may be more vulnerable.

    W

  1. testudo

    Fresh-Faced Recruit

    Joined: Aug 2001

    0

    Re: i should add

    actually, it's probably more of a concern for Windows users.

    But Leopard's library randomization has lots of flaws in it that don't make it as helpful as it could be.

  1. robttwo

    Fresh-Faced Recruit

    Joined: Nov 2005

    0

    time again

    for the ignorant to panic.

    People - this is nothing. And when SHOULDN'T Windows users be concerned, testicular? The fact they use Windows should be cause for normal people to be concerned for them.

    Doofuses.

  1. VValdo

    Dedicated MacNNer

    Joined: May 2001

    0

    Thanks for clearing that

    Thanks for clearing that up, robttwo, with your insightful technical analysis.

    W
