AAPL Stock: 110.38 ( + 0.8 )

Printed from

Vulnerability discovered in QuickTime 7.5.5

updated 09:25 am EDT, Thu September 18, 2008

QuickTime 7.5.5 flaw

A possible security hole has been discovered in QuickTime 7.5.5, which was released last week alongside iTunes 8. Symantec researcher Aaron Adams notes that a particular parameter in QuickTime is not geared to cope with strings past a certain length, and that if this trait were to be properly exploited, it could represent a security threat. "Symantec is currently investigating this flaw further to determine the underlying technical details," Adams' official note reads.

Present testing has only been able to force QuickTime to crash, but it is believed that the potential exists to run arbitrary code, which if true could cause significant danger to QuickTime users. An interested hacker could embed a malicious file onto a website, and launch an attack with minimal interaction on the part of the victim.

Adams suggests that there is currently no real defense against such an attack, beyond avoiding suspicious websites or disabling the QuickTime plug-ins of various browsers.

by MacNN Staff





  1. Marook

    Joined: Dec 1969


    Ohh, disable it?

    Come on - you point to a POTENTIAL issue where QT crashes. Ok, that's a bad thing, all that crashing, but it 'just' crashes.

    Come back when you actually have a security hole!

  1. jhawk95

    Joined: Dec 1969


    End of financial quarter

    Time to sell a few more copies of Symantec before the quarter ends, eh?

    IF QT does this, and IF a malicous hacker does that, and then IF he puts it on his website which I will NEVER visit because I only surf where I choose to surf and not out on some hackers website looking for pictures of Brad Pitt, and IF I then download it, and IF I am not on a Mac and then IF it crashes my QT then I will just break down and cry and probably end my life over QT crashing.

    Give me a break. Enough with the scare tactics. Go sell your software to someone who needs it.... the ever-dwindling pool of idiots using Windoze products.

  1. Mr. Strat

    Joined: Dec 1969


    Let the FUD begin!

    Hmmm...somebody from a company that produces anti-virus software warns of a possible threat.

    f*** off!

  1. testudo

    Joined: Dec 1969



    You all don't know what the h*** you're talking about. First, the guy was actually responding to a posting of the issue on a hacker web site. I guess you all just don't care, but at least Symantec responded (let's see how long before Apple responds to the information).

    And neither say a security problem exists. It suggests a problem does exist (which it does), but so far they've not yet proved that it could be used to execute arbitrary code.

    Oh, and it also is a Mac and Windows issue.

    BTW, jhawk, Symantec doesn't check for this flaw, so there's no need to buy the software in the first place.

    And if it were something in Windows Media Player or IE, you'd be laughing up a storm, not saying "Yeah, but who goes to some hacker website and view a video.".

    Mac users: The set of people who believe information is useless, and security is built-in and not a concern. Gotta love them!

  1. nat

    Joined: Dec 1969


    he just never tires

    i suppose his constant bashing of all things apple is because he has absolutely nothing better to do. as in nothing at all whatsoever.

    and we're the fools. i like it so much better when he disappears for long periods of time. but then he comes back with the EXACT SAME MO EVERY SINGLE TIME. repeating, ad nauseam, the same thing OVER AND OVER AND OVER AND OVER AND OVER AND OVER...

    testudo, my dear boy, WE DON'T GIVE A F&*K. are you really so stupid?

  1. afaby

    Joined: Dec 1969



    QuickTime has about 20 years worth of legacy code and needs to be completely rewritten using the modern Cocoa frameworks from the ground up. I hope QuickTime X in Snow Leopard is just such a thing, instead of putting lipstick on a pig.

  1. testudo

    Joined: Dec 1969


    never tires

    Well, posters here never tire of the stupid "Oh, its just a virus company trying to scare people" rants. But they're OK?

    And the only bashing of Apple I did was to comment on the fact Apple will NOT comment on this issue. In fact, if Symantec didn't pick it up, the only ones knowing about it would probably be the hackers themselves.

    But, I know, hackers aren't problems. They're good people.

  1. jhawk95

    Joined: Dec 1969



    I mean Testudo... show me one virus or trojan that has penetrated any Mac runing any version of OS X, any iPod or any iPhone...

    NONE EXIST in the Wild.

    So Shut The f*** up already!

  1. portisman

    Joined: Dec 1969


    Are you people serious?

    This is a buffer overrun. This is not a little problem. This is the type of problem that can be exploited by novice hackers. Buffer overruns allow malicious users to plant trojans, keyloggers, and potentially take control of your machine.

    Mac users really need to understand that OS X is great and Mac is awesome, but the more market share Mac gets, the more it is going to be subject to exploits.

    These guys are already discussing how to exploit it:

    The National Vulnerability Database lists it as a high severity impact:;jsessionid=9cd57844ed038040099c12069cd1?execution=e1s1

    It's not a matter of Mac bashing, it's just a matter of being aware that there are actually real vulnerabilities in every operating system. It's not a put-down, it's a warning.

  1. Someone Else

    Joined: Dec 1969



    jhawk95 said...

    "I mean Testudo... show me one virus or trojan that has penetrated any Mac runing any version of OS X, any iPod or any iPhone...

    NONE EXIST in the Wild.
    So Shut The f*** up already!"
    This one is still in the wild and has bitten many Mac users:


Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Polk Hinge Wireless headphones

Polk, a company well-established in the audio market, recently released a new set of headphones aimed at the lifestyle market. The Hin ...

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...


Most Commented