Apple has issued a critical security update for QuickTime media player, aimed at resolving vulnerabilities that could potentially allow a malicious attacker to take control of a person's computer, according to an Apple advisory released this week.
People running QuickTime 7 for Windows and for Mac OS X are affected, as well as those who are using Mac OS X 10.4 or Mac OS X 10.5, according to Apple.
Apple is advising people to update to QuickTime 7.6 for Windows, QuickTime 7.6 for Leopard, or QuickTime 7.6 for Tiger.
The update seeks to address QuickTime security flaws that could potentially allow a malicious attacker to trigger a buffer overflow and execute arbitrary code on a user's system.
The attack could potentially occur via a maliciously crafted movie file, AVI movie file, QTVR movie file, or an RTSP URL, according to Apple.
Security researcher Secunia, in an advisory released Thursday, noted the vulnerabilities are considered "highly critical."
A serious new flaw was disclosed on Thursday that affects the latest versions of Apple's QuickTime and iTunes applications.
The National Vulnerability Database entry CVE-2008-4116 describes a heap-based buffer overflow vulnerability within Apple's QuickTime 7.5.5 and iTunes 8.0 programs.
To infect a computer, an attacker might place a maliciously coded long-type attribute within a QuickTime tag on a Web page, or within a .mp4 or .mov file. This could allow remote attackers to crash the applications (known as a denial of service) or possibly execute arbitrary code on a compromised computer.
The announcement comes one week after
At the moment, there is no recommended workaround or patch available for the code exploit.
Apple did not reply to a request for comment.





