Mobile/PDA About Us Advertise here


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.

Browse by topic

News

New Quicktime vulnerability allows malicious attack

2 January 2007 10:34 by Dave "Davedough" Horvath | 6 comments

A newly discovered vulnerability in Apple's Quicktime application could allow your computer to be open to specific attacks. Currently unpatched, this vulnerability appears to effect version 7.1.3.100 for the Windows client and is reported to effect the Macintosh OSX version as well.

The vulnerability uses a flaw in the RTSP (Real Time Streaming Protocol) handling part of the code. If a user were to retrieve a streaming video that contained more than 256 bytes in the "src" portion of the URL, this would then compromise the machine. A successful attack then allows malicious code to be processed on the user's computer. No word yet on a patch.

Source:
Secunia

Permalink to this article

Apple patches security flaws in iPhone, QuickTime (16 January 2008)

QuickTime suffers another RTSP flaw (11 January 2008)

Apple fixes security holes in QuickTime (5 March 2007)

Apple patches flaw in QuickTime software (24 January 2007)

Adobe to give some Mac lovin (4 January 2007)

FFDSHOW 2006-08-03 added to download section (4 August 2006)

Software updates and additions for 5th - 11th June (11 June 2006)

DivX 6.5 includes first "official" player for Mac (26 May 2006)

Apple sues Burst.com (11 January 2006)

Apple supports Blu-Ray (10 March 2005)

« Previous news article
75 million PS3 units sold by 2010?

Next news article »
IGA Europe boss says in-game ads help developers retain IP

Post your comment

Discuss this article!
rav009 (Senior Member) 2 January 2007 10:52
<---- Updates his security software and hopes for the best until a patch is out. [ + quote]
halfhere (Member) 2 January 2007 11:09
looks likes macs won't be "virus free" now [ + quote]
CiDaemon (Member) 2 January 2007 12:53
Just because a vulnerability exists, that doesn't mean that virus coders will jump on it. Why write viruses that only effect 3% of the population? Until malicious coders feel that Apple computers make up a large enough population that it would be worth it, no one will bother. [ + quote]
akaangus (Member) 2 January 2007 16:23
"Until malicious coders feel that Apple computers make up a large enough population that it would be worth it, no one will bother." How many iTunes users are out there? Millions I'm sure. That's how many people and more this exploit will affect. Although this is not a system virus, macs are not quite relatively virus "free", there has always been Mac office exploits out there. I think there was another last week, as well as Java and Flash exploits that have always been around and can still affect macs. Remember in the old SE days the renaming of the Hard Drive ".sony"? I am a linux user and only have QT on Wine through CrossOver so this doesn't really affect me anyways. (edited for grammar) [ + quote] This message has been edited since posting. Last time this message was edited on 2 January 2007 16:25
gogochar (Senior Member) 2 January 2007 19:21
Quote: looks likes macs won't be "virus free" now Macs have always had viruses. It's just that they are built better than Windows. It all ends here. [ + quote]
CiDaemon (Member) 2 January 2007 20:59
"How many iTunes users are out there? Millions I'm sure. That's how many people and more this exploit will affect. " The exploit is within Quicktime, not iTunes. Granted, they install together, but few use QT; iTunes is the real draw. There are plenty of iTunes users out there, but that's not what I said. Remember that I said Apple computers, not Apple software. There are plenty of hacks/viruses/etc. that exploit apple software-but only when it's released for windows. I never said this exploit wouldn't be used by people writing malicious code on a PC. I said no one will bother exploiting it for Mac. [ + quote]