Newsletter:

Skip Navigation LinksHome > News > Security > Apple patches QuickTime flaw

Site Map |

Apple patches QuickTime flaw

By Shaun Nichols
3 May 2007 10:40AM
Tags: apple | patches | quicktime | flaw

Windows vulnerability allowed scripted attacks.

Apple has patched a flaw in QuickTime that could allow for remote attacks.

The fix addresses a vulnerability in the Windows Vista and XP versions of QuickTime, which is commonly installed as a browser plug-in or as a component of iTunes. OS X users are not affected.

Apple said that the problem concerns QuickTime Media Links (QTLs) which are often used to launch media files from browsers.

If a specially crafted QTL is launched, QuickTime can allow access to a command line which could then be used to execute malicious code.

Security researcher Petko D Petkov showed last month how a malformed QTL file could be placed within a web page and disguised as a movie or song file.

When clicked, the links would allow for JavaScript code to run with the privileges of the current user.

The researcher provided several proof-of-concept samples which caused vulnerable machines to display alert boxes, launch arbitrary applications and even shut down.

Although the Apple security notice does not specifically mention the report, a spokesperson confirmed to vnunet.com that the fix addresses the flaw described by Petkov.

Users can obtain the update via the Software Update application or from Apple's support site.

Copyright © 2008 vnunet.com

   


Ads by Google


Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 


 
Tripwire - Click here to win an iTouch



Tags

apple critical fixes flaw flaws hits holes iphone itunes leopard mac macbook microsoft patches quicktime safari security store update windows


Product Reviews

AdventNet ManageEngine
Star Rating
The AdventNet Manage-Engine Password Manager Pro provides a complete system for password management in one...
Cyber-Ark Software Enterprise Password Vault
Star Rating
The Cyber-Ark Enterprise Password Vault, or EPV, is a high-end password management powerhouse.
Hitachi ID Systems ID-Archive
Star Rating
The Hitachi ID-Archive sets its focus on password randomisation.
Lieberman Software Enterprise Random PM
Star Rating
The Lieberman Software Enterprise Random Pass­word Manager is a full-on password manager and randomiser for...
Proginet Corporation SecurForce
Star Rating
Proginet SecurForce is a little bit of a horse of a different color for this month's Group Test.
Unified Communications Podcast Centre

TopTopics
(4882) -  broadband
(4779) -  telstra
(4742) -  nbn
(4332) -  internet
(4004) -  iinet
(3977) -  copyright
(3977) -  afact
(3675) -  servers
(3675) -  mipi
(2852) -  internode
(2443) -  network
(2197) -  microsoft
(1565) -  data
(1518) -  software
(1370) -  centre