Needa Pass Rush
01-14-2008, 02:17 PM
My IT guy is suggesting uninstalling these applications until there is a fix. Google (news) QuickTime for more info. Thank you Apple!
New QuickTime Flaw Found
Both Windows and Mac versions of the multimedia program have a buffer overflow flaw that puts users at risk.
Jim Dalrymple, IDG News Service
Saturday, January 12, 2008 06:30 AM PST
The United States Computer Emergency Readiness Team (US-CERT) has discovered a new buffer overflow vulnerability with Apple's QuickTime media software.
The vulnerability affects both Mac and Windows operating systems. Because QuickTime is part of Apple's popular iTunes jukebox software, that application is also affected, researchers said.
The vulnerability is found in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime Player crashes at a memory location that can be controlled by an attacker, according to US-CERT.
The organization also said that they are aware of publicly available proof-of-concept code for this vulnerability.
US-CERT offers several solutions to the problem including uninstalling QuickTime, blocking the RTSP protocol and disabling the QuickTime plug-ins in your Web browser.
Attackers targeted QuickTime in December in a separate RTSP vulnerability that Apple later fixed with a software update.
Apple representatives were not immediately available for comment.
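The article locates the flaw in how the client handles the Reason-Phrase of an RTSP response. The sketch below is an added example, not part of the post or the article and not Apple's code: it shows a client-side Status-Line parser that treats the Reason-Phrase length as untrusted and refuses to copy more than the destination holds. The function name, the error codes and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REASON_MAX 64  /* assumed display-buffer size, not QuickTime's */

enum { RTSP_OK = 0, RTSP_MALFORMED = -1, RTSP_REASON_TOO_LONG = -2 };

/* Parse "RTSP/1.0 SP 3DIGIT SP Reason-Phrase CRLF" received from a server.
 * On success stores the status code and a NUL-terminated reason.
 * Never writes past reason[cap - 1]. */
int parse_status_line(const char *line, size_t len,
                      int *code, char *reason, size_t cap)
{
    static const char ver[] = "RTSP/1.0 ";
    const size_t vlen = sizeof ver - 1;
    if (cap == 0 || len < vlen + 4 || memcmp(line, ver, vlen) != 0)
        return RTSP_MALFORMED;
    const char *p = line + vlen;
    for (int i = 0; i < 3; i++)
        if (p[i] < '0' || p[i] > '9') return RTSP_MALFORMED;
    if (p[3] != ' ') return RTSP_MALFORMED;
    *code = (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
    p += 4;
    size_t rest = len - (vlen + 4);
    /* The phrase runs to the first CR or LF; its length is set by the peer. */
    size_t n = 0;
    while (n < rest && p[n] != '\r' && p[n] != '\n') n++;
    if (n == rest) return RTSP_MALFORMED;      /* no line terminator */
    if (n >= cap) return RTSP_REASON_TOO_LONG; /* reject, do not truncate-copy blindly */
    memcpy(reason, p, n);
    reason[n] = '\0';
    return RTSP_OK;
}

int main(void)
{
    /* Constructed samples: an ordinary reply and one with an oversized phrase. */
    char big[400];
    memcpy(big, "RTSP/1.0 404 ", 13);
    memset(big + 13, 'A', sizeof big - 15);
    memcpy(big + sizeof big - 2, "\r\n", 2);
    const char ok[] = "RTSP/1.0 404 Not Found\r\n";
    char reason[REASON_MAX];
    int code = 0;
    printf("%d\n", parse_status_line(ok, sizeof ok - 1, &code, reason, sizeof reason));
    printf("%d\n", parse_status_line(big, sizeof big, &code, reason, sizeof reason));
    return 0;
}
```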
