After attacks, Apple fixes QuickTime bug

Apple has patched a critical security flaw in QuickTime that was being exploited by attackers.

Robert McMillan (IDG News Service)
14 December, 2007 12:19
Comments

Apple has released a new security patch for QuickTime, its eighth update this year for the media player software.

The update addresses three critical security holes in QuickTime, including a vulnerability that has been used in attacks by online criminals.

The most critical of the flaws lies in QuickTime's implementation of the Real Time Streaming Protocol (RTSP), used to play audio and video over the Internet. The flaw was made public Nov. 23, and in early December attackers began exploiting the flaw in online attacks. By tricking victims into visiting a malicious Web site that exploited the flaw, hackers were able to install malicious software on the victims' PCs.

To date, these attacks have targeted Windows-based systems, but security experts say that Mac OS X users are also at risk to the vulnerability. Apple issued patches for both Windows and Mac OS X users on Thursday.

The second critical vulnerability, which had apparently not been publicly disclosed, has to do with a flaw in the QuickTime Media Link (QTL) file format used by the media player. Security researchers have recently been looking at the way QuickTime works with these files as a potential source of new bugs.

Apple also patched a handful of similar bugs in the way that QuickTime handles Adobe's Flash media format. The most serious of these flaws could let attackers run unauthorized software on the computer, much as the RTSP bug does, Apple said.

With security researchers paying special attention to media format bugs, Apple has had to patch QuickTime frequently this year. Some of these updates have come just weeks apart. Apple last patched QuickTime on Nov. 5.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email Computerworld
Follow Computerworld on twitter

More about: Adobe, Apple, CGI

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

The 2009 SNIA Dictionary

The SNIA Dictionary contains terms and definitions related to storage and other information technologies, and is the storage networking industry's most comprehensive attempt to date to arrive at a common body of terminology for the technologies it represents. The terms go through a rigorous technical review and approval process by the SNIA Technical Council to assure their accuracy.

Featured Download

Microsoft Security Essentials

Microsoft Security Essentials provides your home PC with real-time protection. It constantly uses the latest technology ensuring that you will always stay up to date ...

Zones

Most Popular Whitepapers

FTP Replacement: Where MFT Makes Sense and Why You Should Care

This research provides advice on when to replace FTP with managed file transfer (MFT) solutions, and which features to consider. This Gartner report includes MFT software and MFT as a service. Also highlighted is where MFT fits into the technology landscape and some of the key benefits. Key Findings include: - Technical differences between FTP and MFT including security, administration and scalability - Implementation concerns that organisations should be aware of (when migrating) - List of vendors and how they are expanding their MFT porfolios (including IBM)

Popular tags: Business Management, Security, Storage, Data Centre, Master Data Management

Latest Jobs

HP and IDG news, product videos and resources

Market Place

After attacks, Apple fixes QuickTime bug

Comments

Post new comment

5 ways to secure your Facebook profile in a post-Timeline world

More Australians switch on IPTV: Study

Which tablet should I buy? iPad 2 vs Sony Tablet S

iPad 3 rumour rollup for the week of February 7

Amazon launches India online shopping site

IPv6 technology guide

SA minister urges change to Facebook ban

Microsoft at a loss over Event Viewer scam

TPG faces customer backlash over slowed net speeds

Exetel's John Linton passes away

NBN Co wholesale pricing too high: Telstra

The 2009 SNIA Dictionary

How and Why to Create Data Destruction Policies

Case Study: Fairbrother constructs a reliable backup platform across its remote Branch Locations

Optimising your Infrastructure for Cloud Computing - Best practices for managing a cloud IT environment

Microsoft Security Essentials

Application Lifecycle Management

HP Converged Storage Zone

EMC Next Generation Backup – Backup & Recovery Solutions

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

FTP Replacement: Where MFT Makes Sense and Why You Should Care

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Enabling Agile and Intelligent Businesses

Managed Services Strategy Guide

Keeping up With Ever-Expanding Enterprise Data - 2010 IOUG Database Growth Survey

Computerworld newsletter

Don't have an account?

After attacks, Apple fixes QuickTime bug

Comments

Post new comment

Computerworld newsletter