toggle

AAPL Stock: 128.46 ( -1.96 )

Printed from http://www.macnn.com

Apple fixes Passcode Lock, QuickTime flaws

updated 05:15 pm EST, Tue January 15, 2008

Apple fixes security flaws

Apple's newest QuickTime software and iPhone/iPod touch v1.1.3 updates bring a number of security enhancements, fixing three security concerns in the software for mobile devices and four security flaws in QuickTime, Apple's underlying music and video technology. The iPod/iPhone 1.1.3 update fixes an issue with Passcode Lock, Safari, and its operating system ("Foundation"). The company notes that, before the patch, accessing a maliciously crafted URL could have lead to an application termination or arbitrary code execution. In addition, it fixes an implementation issue with Passcode lock whereby users could launch an application without entering a pass code: "An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode," Apple wrote. "This update addresses the issue through an improved check on the state of the Passcode Lock."

Finally, version 1.1.3 of the mobile device software addresses an issue with a cross-site scripting attack, which could lead to the disclosure of sensitive information.

Version 7.4 of QuickTime fixes a bug in both Tiger and Leopard (as well as Windows) where viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. The company said that a memory corruption issue exists in QuickTime's handling of Sorenson 3 video files and that the update addresses the issue by performing additional validation of Sorenson 3 video files. In addition, the update fixed similar flaws in QuickTime's handling of Macintosh Resource records in movie files and in QuickTime's parsing of Image Descriptor (IDSC) atoms. Finally, it addressed a fourth cross-platform QuickTime flaw, which was patched in the current update; it could have caused by a buffer overflow may occur while processing a compressed PICT image.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Advertisement

Recent Reviews

OmniPlan (OS X, iOS)

We reviewed the Omni Group's most famous Mac software, a To Do app called OmniFocus, back in June 2014, and we were impressed. Some o ...

Epson PowerLite Home Cinema 3500 projector

Trying to find the perfect projector for a home theater can be tricky, as there are bountiful options on the market from a large numbe ...

Thecus N2310 NAS

For every computer user, there comes a point of critical mass in data storage. When it hits, external hard drives, USB sticks and DVD ...

toggle

Most Commented