main

Apple Patches QuickTime

Slimy   on 24 January 2007 - 19:22 · 16 comments & 4644 views

Advertisement (Why?)
Apple has patched a vulnerability in its QuickTime media player that Danish security vendor Secunia labeled as ‘critical’ because of the risk involving a hacker gaining control over a given computer. A buffer overflow can occur when QuickTime processes a Real Time Streaming Protocol (RTSP) URL, which directs the player to a streaming file and allows a user to play and pause it. A malicious RTSP URL embedded in a Web page could allow other harmful code to be executed, Apple said. The patch is now available, three weeks after researchers who are part of the Month of Apple Bugs (MOAB) published exploit code, on Apple's download page as well as via Apple's Software Update service. QuickTime 7.1.3 was affected on the following platforms:
  • Mac OS X 10.3.9 & Mac OS X Server 10.3.9
  • Mac OS X 10.4.8 & Mac OS X Server 10.4.8
  • Windows XP & Windows 2000
News source: PC World

Share this Article

About the Author

Full name: Unknown
User name: Slimy
Contact: via forum PM
Submissions: View All
More: View Profile

Related news

Post a comment · Send to friend Comments · There are 16 additional comments
(2 replies) #1 RAID 0 on 24 Jan 2007 - 19:24
Interesting. Hasn't that flaw been around (and noticed) for a while?
#1.1 drygnfyre on 24 Jan 2007 - 19:38
I think the article said it's been known for three weeks.
#1.2 Batfink on 24 Jan 2007 - 20:06
The vulnerability was first published on day one of the Month of Apple Bugs: http://projects.info-pull.com/moab/
(2 replies) #2 black_death on 24 Jan 2007 - 21:00
who the hell uses quicktime anymore.....
#2.1 FrozenSpoon on 24 Jan 2007 - 21:16
geez I know. Do they still make you pay for the pro version just to have video full screen? What a joke.

I hear iTunes users get stuck with it though. ha-ha
#2.2 .Neo on 24 Jan 2007 - 22:51
Basically everyone with an iPod, so quite a lot of people.
#3 darkrats on 24 Jan 2007 - 21:06
Can someone, maybe the author of this news item, post a direct llink to the patch for Windows XP? I looked on the Apple download page, but saw only patches for OSX. Thanks.
#4 rseiler on 24 Jan 2007 - 21:43
It doesn't appear that the Windows version has been posted yet.
#5 Croquant on 24 Jan 2007 - 23:31
Hey, where's all the apple fanboys saying things like "Apple never needs to patch their products?"
Funny, they were here just a minute ago.
#6 Sonic2k on 25 Jan 2007 - 03:13
if xp users have the Apple software update program installed they can use that to get the fix for quicktime i did and have updated.

BTW Apple Software Update comes with iTunes 7
(1 reply) #7 xpgeek on 25 Jan 2007 - 04:09
I know we're not supposed to talk about this, but, can someone answer?

Does this mean Quicktime Alternative is vulnerable to the same exploit until updated ?
#7.1 Croquant on 25 Jan 2007 - 05:55
Apple won't say one way or another because that would mean they'd have to acknowledge that Quicktime Alternative exists.
However, since the flaw is in the player and not the media format, I'd say that the answer to your question is: No.
#8 dangel on 25 Jan 2007 - 10:21
NOooooooooooooooooooooo! Apple is just another tech company???

(1 reply) #9 darkrats on 25 Jan 2007 - 16:25
Can someone confirm that there's a patch for QT under XP? I don't see it on the Apple downloads site and when I update QT from within the application, it just says that my vesion is up to date. I would sure like a link to the XP patch.
#9.1 rseiler on 27 Jan 2007 - 02:16
No direct link. They're using the Apple Software Update mechanism, as discussed here:
http://discussions.apple.com/thread.jspa?threadID=829867
#10 rseiler on 05 Feb 2007 - 02:42

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Advertisement (Why?)
News powered by Neowin Management System (Build - 5.0.897) © 2000 - 2008 Neowin.net