Apple patches QuickTime flaw

By

Windows vulnerability allowed scripted attacks.

Apple patches QuickTime flaw
Apple has patched a flaw in QuickTime that could allow for remote attacks.

The fix addresses a vulnerability in the Windows Vista and XP versions of QuickTime, which is commonly installed as a browser plug-in or as a component of iTunes. OS X users are not affected.

Apple said that the problem concerns QuickTime Media Links (QTLs) which are often used to launch media files from browsers.

If a specially crafted QTL is launched, QuickTime can allow access to a command line which could then be used to execute malicious code.

Security researcher Petko D Petkov showed last month how a malformed QTL file could be placed within a web page and disguised as a movie or song file.

When clicked, the links would allow for JavaScript code to run with the privileges of the current user.

The researcher provided several proof-of-concept samples which caused vulnerable machines to display alert boxes, launch arbitrary applications and even shut down.

Although the Apple security notice does not specifically mention the report, a spokesperson confirmed to vnunet.com that the fix addresses the flaw described by Petkov.

Users can obtain the update via the Software Update application or from Apple's support site.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?