The Cupertino, Calif.-based computing giant said the flaws, affecting Darwin Streamer Server 5.5.4 and all prior versions, may allow remote attackers to cause a system crash or execute arbitrary code.
Apple issued the patches as part of its 12th security update of the year. By this time last year, Apple released seven fixes, but the company delivered two patches on 11 May, 2006.
The two bugs in the Darwin Streamer Server, Apple’s open-source version of the QuickTime Streaming Server, are caused by stack and heap overflow errors that occur when processing either RTSP (real-time streaming protocol) or SETUP requests, according to a FrSIRT advisory today.
An anonymous researcher reported the flaws to VeriSign iDefense Labs, according to Apple.
Apple fixes two Darwin Streamer flaws
By Dan Kaplan on May 14, 2007 9:48AM