In association with heise online

06 March 2007, 10:18

Apple fixes eight critical vulnerabilities in QuickTime

A security update from Apple fixes a total of eight vulnerabilities in the multimedia system QuickTime. All eight are the result of buffer overflows, which could be used by an attacker to introduce and execute code on a system. To do so, the victim merely has to open a malicious file using QuickTime - the file can, for example, be received as an e-mail attachment or be downloaded from a website. Whether or not the attacker can thereby gain control over the computer depends on the operating system and the configuration.

The vulnerabilities are present both in versions for Mac OS X and for Windows 2000, XP and Vista. Users should usually work with restricted privileges under Mac OS X and Vista. The known privilege escalation vulnerability in Mac OS X, which allows an attacker to obtain root privileges, was closed by Apple with the previous security update.

The buffer overflows in QuickTime occur when processing manipulated 3GP, MIDI, QuickTime, PICT and QTIF files. Apple QuickTime versions 7.1.4 and earlier are affected. Updating to 7.1.5 fixes the problem under both Mac OS X and Windows. It is not known whether the vulnerability has already been exploited.
