Technology news and Jobs 
Information Technology News Apple's QuickTime under fire - again
Information Technology News Apple's QuickTime under fire - again | Apple's QuickTime under fire - again |
|
| by Stephen Withers | |
| Friday, 19 September 2008 | |
|
Page 2 of 2 Ever received an email with an embedded movie or sound clip? QuickTime almost certainly played it for you.Featured Whitepaper
5 Best Practices for Smartphone Support
The sample exploit provided by securfrog only causes a crash, and so is more likely to be a nuisance than anything else. But until the flaw is fixed, the possibility of a more dangerous exploit will remain. Furthermore, securfrog points out that QuickTime parses headers contained in a file sent to it for processing even if the headers do not correspond to the file's type: "so you can put some xml in a mp4, mov,etc and open it with quicktime or you can do the same in some html page [sic]". The pervasiveness of QuickTime means that suggestions from some quarters that the QuickTime browser plugin should be disabled until Apple releases a patch will have limited effectiveness. While it would stop a malicious file embedded in a web page from triggering a crash, there are so many other situations that QuickTime is used with downloaded content that it would at best be a band-aid solution. Furthermore, the loss of functionality would be so severe that it would not be a viable strategy for many users. Code used to handle media files has proved a fertile hunting ground for security researchers, with Apple, Microsoft and other vendors having released multiple updates to handle such flaws once they are uncovered. |
Tags
| < Next story in category | Previous story in the category > |
|---|
