Search Perform an advanced search query SOFTPEDIA
 
SOFTPEDIA
Updated one minute ago
HomeSubmit a program for being reviewedAdvertise on our websiteGet help on surfing our websitesSend us your feedbackGet information about our XML/RSS backend and how to use itBrowse the news archiveVisit our discussion forumVizitati forumul in limba romana



KLIP
  1. HOME
  2. SCIENCE
  3. TECHNOLOGY
  4. WEBMASTER
  5. SECURITY
  6. MICROSOFT
  7. LINUX
  8. APPLE
  9. GAMES
  10. TELECOMS
  11. REVIEWS
  12. LIFE & STYLE
  13. EDITORIALS
  14. INTERVIEWS
  15. RSS
Welcome!
Hello, Guest

Login if you have a Softpedia.com account.

Otherwise, register for one.

APPLE

QuickTime Vulnerability Also Present in Os X Version

- But only causes a Denial Of Service...

By: Victor Mihailescu, Apple News Editor

Last week, there was a lot of stink made over by another QuickTime vulnerability for Windows. There have been quite a few of these vulnerabilities in Apple’s software, but they have typically affected both Windows and OS X. So, it should not be surprising that the same issue was discovered
on the Mac.

Symantec’s security response team dug a little deeper, and found that the Real-Time Streaming Protocol (RTSP) bug in QuickTime is also quite present in the Mac version of Apple media player. Although the vulnerability is in the same place as on the Windows version, it will behave differently on a Mac, and the Windows specific attack code fails to give a hacker access to OS X, instead causing QuickTime to crash.

"We tested it, and the exploit does cause a denial of service," said Marc Fossi, manager of the Symantec team. Although the vulnerability is less severe than it is on Windows, Fossi warned that Mac users might not be in the clear, yet. "QuickTime vulnerabilities have tended to affect both Windows and Mac OS X, and it's always possible that a denial of service could lead to remote code execution."

The security researcher also noted that, on Windows, Microsoft Internet Explorer Versions 6 and 7, as well as Apple's own browser, will further serve as a buffer, offering some additional protection against the attacks that are based on fooling users into visiting malicious or compromised sites hosting rigged streaming content.

"The buffer overflow protection built into IE and in Safari prevents the exploit shell code from executing in the plug-in," said Fossi. Thus, in order to successfully attack users that are currently using these browsers, the current exploit would have to be further refined. It is important to note that users of Firefox, a very popular browser on the Windows platform, have no such buffer that they can rely on, and would be directly affected by the exploit as it is now.

MORE RELATED ARTICLES: Yippee! QuickTime Vulnerable Again! Windows Vista Users at Risk Due To QuickTime Flaw. Update Recommended! Windows and Mac OS X Users at Risk Due To QuickTime Hole
 
Comments | Link here | Subscribe
Print | Send to friend
Today's News | Yesterday's News

Search:

TAGS: Apple QuickTime Safari

27th November 2007, 18:18 GMT | Copyright (c) 2007 Softpedia | Contact:
Read by 308 user(s) | Rating: | 7 vote(s) so far | Cast your vote:
QuickTime Vulnerability Also Present in Os X Version - USER OPINIONS




We are sorry, there are no opinions available for this article.


SHARE YOUR OPINION ABOUT QuickTime Vulnerability Also Present in Os X Version

Since you are not logged on, your comments will have to be approved before being displayed.
Click here to login, or register.
Your Name:
Your Email:
Type in the result:
Your Opinion:
 


DO YOU WANT TO CONTACT US?  

If you have some comments or you want to send us some information you can send us an email directly to .
You can use the form below for the same purpose.
Your full name: (at least 3 characters)
Your email address: (at least 5 characters)
Message subject: (at least 5 characters)
Message text:
(at least 10 characters)
Type in the result:
 
 
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.
Copyright Information | Privacy Policy | Terms of Use | Contact Softpedia | Update your software | Archive