Apple patches QuickTime buffer overflow
By Simon Aughton,
Apple has released a security update that addresses a vulnerability in QuickTime where visiting malicious websites may lead to arbitrary code execution.
The flaw is caused by a buffer overflow in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to the execution of code.
The vulnerability was discovered by the Month of Apple Bugs project, which has published a QTL file that triggers the flaw. The update addresses the issue by performing additional validation of RTSP URLs.
Security Update 2007-001 is available for Mac OS X 10.3.9 Panther and Mac OS X 104.8 systems from apple.com/support/downloads. For more information see info.apple.com/kbnum/n304989.
Sponsored Links
advertisement
Latest Networking Analysis & Insight
Bring you own device: the $600 question
Inside the enterprise: A recent Cisco report claims bring your own device is gaining support from IT departments. But how much are staff willing to invest in personal technology?
- Interop 2012: Q&A, Saar Gillai, CTO, HP Networking
- Is BT the key to broadband Britain?
- Tencent: the biggest web company you’ve never heard of
- The truth about spam
- Have ISPs finally lost the DEA fight?
- Are you ready to launch IPv6 securely?
- Broadband, pricing and small businesses
- Welcome to the stay-at-home Olympics
- Q&A: Cisco on servers, storage and strategy
Latest Networking Reviews
HP t410 All-in-One Thin Client review: First look
- Swyx SwyxExpress X20 review
- Ipswitch WhatsUp Gold Premium 15
- ForeScout Technologies CounterACT 6.3.4
- ThinPrint Printer Dashboard review: First Look
- TITUS Aware for Microsoft Outlook review
- Windows Phone 7 Mango review: First Look
- Dartware InterMapper review
- Kemp Technologies LoadMaster 3600 review
- Sangfor WANACC M5500 review
advertisement
Most popular
- Apple iPad 3 vs iPad 2 head-to-head review
- Hutchison denies it will pull plug on Three UK
- EMC World 2012: Tucci declares Documentum is here to stay
- ICO: Fines for cookie law breakers
- EMC World 2012: EMC talks up cloud, security and big data
- Dell PowerEdge R820 review
- Sony Vaio T13 Ultrabook review: First look
- BlackBerry 7 OS certified to carry 'Restricted' UK government information
- Facebook floatation marred by Nasdaq glitch
- CIO: Career is over?
PlayRegister for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
