Apple releases 'highly critical' QuickTime patch

Powered by SC Magazine
 

Fix available for remote-code exploit released New Year's Day.

Apple has patched a 'highly critical' vulnerability in QuickTime for both Mac OS and Windows. 

The vulnerability, which was disclosed on the first day of the Month of Apple Bugs (MoAB) project, could allow an attacker to take control of a system and execute malicious code. 

Security firm Secunia rated the vulnerability as 'highly critical', the company's second-highest alert level. 

The attack is carried out when a user accesses a specially crafted QuickTime Link file. The exploit file then uses a vulnerability in the handling of RTSP (streaming media) URLs to cause an error and gain access to the system.

The official fix for the vulnerability can be downloaded from Apple's website or through the software update component in Mac OS X.

Exploit code for the vulnerability was first posted on 1 January by a researcher known as 'LMH'. The vulnerability was the first in the MoAB project, which aims to disclose a new Mac OS X vulnerability every day of the month.

An unofficial patch for the vulnerability was released on the same day by developer Landon Fuller, who is running a counter-project to patch each of the MoAB vulnerabilities. 

Secunia warned users of unpatched systems to avoid opening untrusted QuickTime Link files.

Copyright ©v3.co.uk

