11/26/2007, 11:30am, EST

Monday, November 26th

New QuickTime buffer vulnerability exposed

A new vulnerability in the QuickTime media player has been exposed, says the computer security firm Secunia. The group has just issued a fresh advisory, which points out that a boundary error occurs when QuickTime processes RTSP replies, and that it can be triggered simply by an overly long "Content-Type" header. This in turn leads to a stack-based buffer overflow, which gives attackers the ability to execute arbitrary code. The vulnerability is only confirmed on QuickTime 7.3 at present, and exploiting it requires the victim to open a QTL file or visit a malicious website.

Secunia does caution that other versions of QuickTime may also be affected, and that exploit code is already publicly available. Since Apple has yet to respond to the problem, QuickTime users are advised to avoid unfamiliar links and websites, and never to open QTL files from untrusted sources.
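The condition Secunia describes is an RTSP reply whose Content-Type header is far longer than any legitimate value. The following is an added example, not code from the article or from Secunia: a small RTSP reply header checker of the kind a monitoring proxy or IDS could apply to flag such replies before they reach the player. The 256-byte limit and the sample replies are constructed for illustration.

```python
# Added example (not from the article or Secunia): flag RTSP replies that
# carry an oversized Content-Type header, the condition the advisory describes.
from typing import Dict, Tuple

# Assumed limit: a legitimate Content-Type value such as "application/sdp"
# is tens of bytes, so anything beyond this is treated as suspicious.
MAX_CONTENT_TYPE_LEN = 256


def parse_rtsp_reply(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an RTSP reply into its status line and a header dict.

    Headers are CRLF-separated and end at the first blank line; any body is
    ignored. Header names are lower-cased. If a header is repeated, the
    longest value is kept, so an oversized copy cannot hide behind a short one.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = lines[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # malformed header line; skipped here
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        if len(value) > len(headers.get(name, "")):
            headers[name] = value
    return status, headers


def suspicious_content_type(raw: bytes) -> bool:
    """True if the reply's Content-Type value exceeds the assumed safe length."""
    _status, headers = parse_rtsp_reply(raw)
    return len(headers.get("content-type", "")) > MAX_CONTENT_TYPE_LEN


# Constructed sample replies: one normal, one with a 1024-byte Content-Type.
BENIGN_REPLY = (
    b"RTSP/1.0 200 OK\r\nCSeq: 2\r\n"
    b"Content-Type: application/sdp\r\nContent-Length: 0\r\n\r\n"
)
OVERSIZED_REPLY = (
    b"RTSP/1.0 200 OK\r\nCSeq: 2\r\nContent-Type: " + b"A" * 1024 + b"\r\n\r\n"
)

if __name__ == "__main__":
    for label, reply in (("benign", BENIGN_REPLY), ("oversized", OVERSIZED_REPLY)):
        print(label, "SUSPICIOUS" if suspicious_content_type(reply) else "ok")
```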


Filed under: security, Apple
Other story tags: QuickTime

5 comments
Wow... (11/26, 12:06pm, EST) - Dedicated MacNNer, joined May 2001
this could be bad. Fix, apple?

I should add... (11/26, 12:08pm, EST) - Dedicated MacNNer, joined May 2001
I think Leopard's library randomization may help... so actually Tiger users may be more vulnerable.

Re: I should add (11/26, 12:18pm, EST) - Fresh-Faced Recruit, joined Aug 2001
Actually, it's probably more of a concern for Windows users.

But Leopard's library randomization has lots of flaws in it that don't make it as helpful as it could be.

time again (11/26, 12:54pm, EST) - Fresh-Faced Recruit, joined Nov 2005
for the ignorant to panic.

People - this is nothing. And when SHOULDN'T Windows users be concerned, testicular? The fact they use Windows should be cause for normal people to be concerned for them.

Doofuses.

Thanks for clearing that (11/27, 10:02pm, EST) - Dedicated MacNNer, joined May 2001
thanks for clearing that up, robttwo, with your insightful technical analysis.