ITPRO

Printed from www.itpro.co.uk


    Apple patches QuickTime buffer overflow

Fix for a buffer overflow in QuickTime's handling of RTSP URLs that allows hackers to execute arbitrary code.

By Simon Aughton, 24 Jan 2007 at 10:45

Apple has released a security update that addresses a vulnerability in QuickTime where visiting malicious websites may lead to arbitrary code execution.

The flaw is caused by a buffer overflow in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to the execution of code.

The vulnerability was discovered by the Month of Apple Bugs project, which has published a QTL file that triggers the flaw. The update addresses the issue by performing additional validation of RTSP URLs.

Security Update 2007-001 is available for Mac OS X 10.3.9 Panther and Mac OS X 10.4.8 systems from apple.com/support/downloads. For more information see info.apple.com/kbnum/n304989.
