Technology news and Jobs 
Information Technology News Apple patches serious QuickTime flaws
Information Technology News Apple patches serious QuickTime flaws | Apple patches serious QuickTime flaws |
|
| by Stephen Withers | |
| Friday, 04 April 2008 | |
|
The majority of the flaws - eight of them - involve buffer overflows that can variously be exploited through maliciously crafted PICT, Animation or VR content, and in some cases through movie files regardless of their actual content. Such vulnerabilities typically arise because programmers assumed the data processed by their software would always be reasonable. For instance, if the specification says a certain element will be no longer than 255 bytes and the code doesn't check the length of that element, it may be possible for an attacker to create a file with an oversized version of that element which is used to introduce arbitrary code into the system. Other bugs addressed include privilege escalation by untrusted Java applets, mishandling of external URLs in movie files, and memory corruption caused by malformed movie files. Most of the patches are common to versions for both operating systems, though three are specific to Windows. The new version of QuickTime can be installed via Software Update (Apple Software Update on Windows) or downloaded from Apple's web site.
|
Tags
| < Next story in category | Previous story in the category > |
|---|
