The heap buffer overflow vulnerability exists in QuickTime's handling of HTTP responses when RTSP tunnelling is enabled. The flaw, discovered last month by researcher Luigi Auriemma, can be exploited when an end-user visits a maliciously crafted webpage.
Secunia, a Copenhagen-based vulnerability monitoring organisation, had ranked the flaw “highly critical,” meaning that it was a zero-day bug, but no exploit was seen in the wild.
FrSIRT, the French Security Incident Response Team, called the flaw “critical” in the sense that it can be exploited from a remote location.
US-CERT also warned users about the flaw last month, providing a number of workarounds while advising users to avoid links including URL encoding, IP address variations, long URLs and intentional misspellings.
Apple fixed four other bugs in the release of QuickTime 7.4 in the days following the HTTP bug's disclosure.
See original article on scmagazineus.com
_(37).jpg&h=140&w=231&c=1&s=0)
_(33).jpg&h=140&w=231&c=1&s=0)
Cyber Resilience Summit
iTnews Executive Retreat - Security Leaders Edition
Huntress + Eftsure Virtual Event -Fighting A New Frontier of Cyber-Fraud: How Leaders Can Work Together
iTnews Cloud Covered Breakfast Summit
Live & Hands On Demo: Navigating the BMC AMI DevX Platform to Understand Code Faster Using AI
.jpg&h=271&w=480&c=1&s=1)
_(1).jpg&h=140&w=231&c=1&s=0)
