Apple fixes critical QuickTime flaws

By
Follow google news

Apple has issued an update for the Mac and Windows versions of QuickTime..


The update addresses 11 vulnerabilities in the multimedia player software, nine of which could be exploited by an attacker to remotely execute code on a target system.

All the flaws affect Windows XP and Vista systems. Eight of the vulnerabilities also affect the Mac OS X version of QuickTime.

Five remote code execution flaws could be exploited by way of specially-crafted movie files.

Such files could also be used to execute another flaw which allows for the launching of external URLs, which Apple said could allow for information disclosure.

Three of the flaws could be exploited by way of Pict files and used by an attacker for remote code execution.

The remaining two flaws include a remote code execution flaw in the handling of QuickTime VR files and a flaw which could allow Java applets to obtain elevated privileges.

The QuickTime update can be obtained via Apple's Software Update utility or at the Apple Downloads site.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
applecriticalfixesflawsquicktimesecurity

Sponsored Whitepapers

5 reasons to adopt a mobile first security strategy
5 reasons to adopt a mobile first security strategy
Uncomplicate IT Service Delivery with AI Agents
Uncomplicate IT Service Delivery with AI Agents
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Getting ahead of the tech: what’s next for Australian organisations in digital transformation
Fintech compliance made fast and secure
Fintech compliance made fast and secure
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide
How to evaluate SIEM solutions Safeguarding your future Get a demo Download guide

Events

Most Read Articles

Supply chain attack hits 100 million-download Axios npm package

Supply chain attack hits 100 million-download Axios npm package
NAB is co-designing a SIEM with Databricks

NAB is co-designing a SIEM with Databricks
APRA pulls data submission system after security pentest

APRA pulls data submission system after security pentest
Councils push for federal shared security centre funding

Councils push for federal shared security centre funding
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?