iTWire - Apple patches serious QuickTime flaws

IT&T JOBS|Discussion forum|Technology Events|IT Education|

Today on iTWire IT News Telecommunications People Our Blogs Tech Lifestyle Releases Science Sustainability MyProfile Whitepapers

Daily ICT Newsletter FREE TRIAL

Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

Apple patches serious QuickTime flaws

E-mail

Information technology news - Security
by Stephen Withers
Friday, 04 April 2008
The latest version of QuickTime fixes another 11 vulnerabilities, all but one of which could be exploited to execute arbitrary code. Featured Whitepaper 5 Best Practices for Smartphone Support QuickTime 7.4.5 is available for Mac OS X 10.3, 10.4 and 10.5, plus Windows XP and Vista. The majority of the flaws - eight of them - involve buffer overflows that can variously be exploited through maliciously crafted PICT, Animation or VR content, and in some cases through movie files regardless of their actual content. Such vulnerabilities typically arise because programmers assumed the data processed by their software would always be reasonable. For instance, if the specification says a certain element will be no longer than 255 bytes and the code doesn't check the length of that element, it may be possible for an attacker to create a file with an oversized version of that element which is used to introduce arbitrary code into the system. Other bugs addressed include privilege escalation by untrusted Java applets, mishandling of external URLs in movie files, and memory corruption caused by malformed movie files. Most of the patches are common to versions for both operating systems, though three are specific to Windows. The new version of QuickTime can be installed via Software Update (Apple Software Update on Windows) or downloaded from Apple's web site. Tags See All Tags Apple Mac OS X Security Software Stephen Withers Support and maintenance Vista Windows Windows XP Powered By Joomla Tags Please enable JavaScript in your browser to post your comment!

< Next story in category		Previous story in the category >

	Visitors last 30 days	694,279
	Subscribers	15,210

#1 independent technology news advertise here

- Advertisement -

Featured Whitepapers

	5 Best Practices for Smartphone Support Worldwide shipments of smartphones reached a high of nearly 40 million units in the third quarter of 2008, helping to grow the category by 28% from the same quarter last year.
	Legacy Tools: Not For Today’s Helpdesk Why applications like RDP, VPNs and VNC may be costing you time, money and end-user satisfaction.

Business & IT Transformation Roles

Systems Analysts	Business Process Analysts
Test Analysts	Business Analysts
Business Readiness Analysts

Project C

stats for wordpress