Technology news and Jobs 
Information Technology News Apple patches for QuickTime for Windows
Information Technology News Apple patches for QuickTime for Windows | Apple patches for QuickTime for Windows |
|
| by Stephen Withers | |
| Thursday, 04 October 2007 | |
      
QTL (QuickTime Media Link) files specify the media files that are to be played, along with information about how it should be played. The flaw is that the ability to include JavaScript in a QTL file could be exploited to cause the execution of arbitrary code by passing command line arguments to another application. The issue was identified by Petko Petkov in September 2006, but remained unaddressed until he published a proof of concept exploit on September 12, 2007 Firefox 2.0.0.7 was released to guard against such exploits being carried out via that browser, but it seems that Apple's patch addresses the issue at a lower level, preventing other applications from being used as vectors. Security Update for QuickTime 7.2 for Windows can be obtained from Apple Downlaods http://www.apple.com/support/downloads/ or via the Apple Software Update utility. The Mac OS X version of QuickTime is not affected by this issue. |
Tags
| < Next story in category | Previous story in the category > |
|---|
