Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Windows and Mac OS X Systems Vulnerable Due to QuickTime Flaw

Apple QuickTime RTSP Reply Reason-Phrase Buffer Overflow

By Bogdan Popa, Security and Search Engines Editor

11th of January 2008, 11:52 GMT

Adjust text size:


Apple QuickTime on Windows
Enlarge picture
A new vulnerability has been discovered in the very popular application QuickTime, which may be used by malicious people to compromise an affected system, security company Secunia wrote in an advisory published today. The "Apple QuickTime RTSP Reply Reason-Phrase Buffer Overflow" notification was flagged as highly critical, Secunia advising affected consumers to avoid
opening untrusted websites or opening malicious .QTL files. According to several reports, both Windows and Mac systems are affected. The vulnerability has been confirmed in version 7.3.1.70, but other versions may be also affected.

"Luigi Auriemma has reported a vulnerability in Apple QuickTime, which potentially can be exploited by malicious people to compromise a user's system", Secunia wrote in the notification published today.

"The vulnerability is caused due to a boundary error when handling RTSP replies and can be exploited to cause a buffer overflow via e.g. sending a specially crafted reply containing an overly-long 'Reason-Phrase'. Successful exploitation may allow execution of arbitrary code, but requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site."

As you may know, QuickTime 7.3.1.70 is the latest release coming from the Cupertino company Apple, so we'll have to wait for a new patch in order to use the program without any risk.

As I've said, QuickTime is pretty popular among the Internet consumers. In order to prove it, look for QuickTime on Softpedia.com and look for the number of downloads section. As you're able to see, no less than 84,399 users have downloaded the Windows flavor of the program, while the Mac version attracted only 22,470 hits. However, keep in mind that QuickTime is implemented into Mac OS X by default, so no download is necessary.

If you'd like to download the latest version of QuickTime, you can find the Windows version HERE while the Mac flavor can be downloaded from HERE.

TAGS:

 apple | quicktime | windows | mac | security


Rating:
Fair (2.5/5) 6 vote(s) so far    

Read by 808 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Your Mac/PC Urgently Needs a Patch

Yippee! QuickTime Vulnerable Again!

Windows Vista Users at Risk Due To QuickTime Flaw. Update Recommended!

Windows and Mac OS X Users at Risk Due To QuickTime Hole

Working Exploit For QuickTime Vulnerability

Apple Releases QuickTime Update to Repair Security Flaws

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive