YOUR IT - Technology for you

No. 1 Story

Telstra adds one million mobile services, but Sensis plummets

Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.

read more

Apple's QuickTime under fire - again

Your IT - Home IT

Ever received an email with an embedded movie or sound clip? QuickTime almost certainly played it for you.

QuickTime is even used in the Finder. Ever used the preview feature in Quick Look or in a Get Info window? That's QuickTime at work again.

The sample exploit provided by securfrog only causes a crash, and so is more likely to be a nuisance than anything else. But until the flaw is fixed, the possibility of a more dangerous exploit will remain.

Furthermore, securfrog points out that QuickTime parses headers contained in a file sent to it for processing even if the headers do not correspond to the file's type: "so you can put some xml in a mp4, mov,etc and open it with quicktime or you can do the same in some html page [sic]".

The pervasiveness of QuickTime means that suggestions from some quarters that the QuickTime browser plugin should be disabled until Apple releases a patch will have limited effectiveness.

While it would stop a malicious file embedded in a web page from triggering a crash, there are so many other situations that QuickTime is used with downloaded content that it would at best be a band-aid solution.

Furthermore, the loss of functionality would be so severe that it would not be a viable strategy for many users.

Code used to handle media files has proved a fertile hunting ground for security researchers, with Apple, Microsoft and other vendors having released multiple updates to handle such flaws once they are uncovered.

Loading comments ...



- sponsored feature -

The Death of Traditional BI: What’s Next?

How to Make Business Discovery Work for Your Business IP PABX BUYING GUIDE

Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more