Apple fixes HTTP-response vulnerability in QuickTime

By
Follow google news

Apple on Wednesday released a new version of its QuickTime media player, patching a flaw in the application on both Windows and Mac OS X operating systems.


Apple fixed a bug in OS X versions 10.3.9, 10.4.9, 10.5 or later as well as Windows Vista and XP with Service Pack 2. The bug could allow application termination or arbitrary code execution.

The heap buffer overflow vulnerability exists in QuickTime's handling of HTTP responses when RTSP tunnelling is enabled. The flaw, discovered last month by researcher Luigi Auriemma, can be exploited when an end-user visits a maliciously crafted webpage.

Secunia, a Copenhagen-based vulnerability monitoring organisation, had ranked the flaw “highly critical,” meaning that it was a zero-day bug, but no exploit was seen in the wild.

FrSIRT, the French Security Incident Response Team, called the flaw “critical” in the sense that it can be exploited from a remote location.

US-CERT also warned users about the flaw last month, providing a number of workarounds while advising users to avoid links including URL encoding, IP address variations, long URLs and intentional misspellings.

Apple fixed four other bugs in the release of QuickTime 7.4 in the days following the HTTP bug's disclosure.

See original article on scmagazineus.com

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
security

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?