Apple Computer late Thursday issued an alert about flaws in its QuickTime media player that could allow a malicious attacker to launch a denial-of-service attack or remote code execution.
QuickTime versions 6.5.2 and 7.0.1 for the Mac OS X operating system are affected by the vulnerabilities, as well as some versions for Microsoft Windows, according to a Friday report by security company Secunia, which rated the vulnerabilities "highly critical."
Apple has issued an update, QuickTime 7.0.3, to fix the four flaws. The patch was posted to Apple's Web site on Oct. 12.
One vulnerability can result in a denial-of-service, or DOS, attack against any application loading remotely originated content. The flaw involves a missing movie attribute, which is interpreted as an extension. The absence of the actual extension, however, is not detected, resulting in a "dereference of a null pointer," Apple warned.
Another security hole involves an integer overflow that may be remotely exploited through a specially crafted video file. This could lead to an arbitrary execution of code.
"Three of the vulnerabilities can launch malicious code that allows an attacker to snoop on users," said Thomas Kristensen, Secunia's chief technology officer. "The other vulnerability is a DOS attack that will only work in a few cases and crash the media player when it tries to open a file."
Last June, Apple released QuickTime 7.0.1 to address a security flaw and deliver several improvements to its media player. The update was designed to modify the Quartz Composer plug-in, which previously could allow an attacker to tap into local data and distribute it to an arbitrary Web site.
I know what you mean. Ty is a mac zealot, and actually does make the regular user of macs look bad. I, myself use a mac, and very much enjoy working in OSX. I know PC people have their own zealots along with Macs... so we'll deal with it I guess.
Macs do have their flaws, just not as much as some other OS's IMO. This QT flaw has been fixed a few weeks ago, however, and now apparently are just telling us how important the upgrade is.
For those who wish to enage in bashing, which I do not wish to do, be aware that this is not an OSX problem (read the article again). Quicktime is a cross platform tool, so the better comparison is to Windows Media Player. As the article states, the problem exists across platforms.
The criticality of a vulnerability doesn't depend on the availability of a patch. If you have a patch installed, then you don't have the vulnerability, period. But if you don't have the patch, the vulnerability is critical, it doesn't matter if the patch exists or not.
Just to repeat my rules of software - RULE # 1 - ALL SOFTWARE HAS FAULTS - except the stuff I write :-)
But I personally have NEVER been inconvenienced by any virus or any vunerability in Wintel or Mac. I just keep my security up to date & I'm fine. So, from my perspective - OS X & XP Pro are both just fine. I wouldn't choose one over the other based on security, because I can make both secure.
Alright, I've been in computer repairs for many years. Apple users always claim that apple computer software does not have any faults and viruses. Wrong. I have numerous cases of macs infected with viruses and numeerous faults with apple software (if everyting works dandy, why the need for 'Force Quit' menu? Something tells me it's the same thing as Ctrl Alt- Del in Windows). Also, noticing that Apple's compose of only 3% of all computers, these flaws aren't noticed, but if apple get bigger, then we'll see the same thing as Microsoft--someone somewhere will find security holes in apples too.
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
That's one on-top-of-it security company.
the regular user of macs look bad. I, myself use a mac, and very
much enjoy working in OSX. I know PC people have their own
zealots along with Macs... so we'll deal with it I guess.
Macs do have their flaws, just not as much as some other OS's IMO.
This QT flaw has been fixed a few weeks ago, however, and now
apparently are just telling us how important the upgrade is.
For those who wish to enage in bashing, which I do not wish to do, be aware that this is not an OSX problem (read the article again). Quicktime is a cross platform tool, so the better comparison is to Windows Media Player. As the article states, the problem exists across platforms.
Not heard of any exploits of this.
Doesn't sound that critical. Good free PR for Secunia though.
RULE # 1 - ALL SOFTWARE HAS FAULTS - except the stuff I write :-)
But I personally have NEVER been inconvenienced by any virus or any vunerability in Wintel or Mac. I just keep my security up to date & I'm fine. So, from my perspective - OS X & XP Pro are both just fine. I wouldn't choose one over the other based on security, because I can make both secure.
In response to your question...
Force Quit lets the user stop a "locked" application that is no longer responding to normal user inputs. Kind of like "End Task" in Windows.