Apple drops QuickTime patch

Summary:Apple on Wednesday dropped a patch for QuickTime to fix a arbitrary code execution vulnerability.Relative to other recent QuickTime patches this one was small--only one vulnerability that could lead to an "unexpected application termination or arbitrary code execution" if a user visits a malicious Web site.

Apple on Wednesday dropped a patch for QuickTime to fix a arbitrary code execution vulnerability.

Relative to other recent QuickTime patches this one was small--only one vulnerability that could lead to an "unexpected application termination or arbitrary code execution" if a user visits a malicious Web site.

QuickTime 7.4.1 covers the following vulnerability (CVE-2008-0234). Here's Apple's description.

A heap buffer overflow exists in QuickTime's handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

This flaw has been around for about a month.

Topics: Apple, Hardware, Mobility, Security

About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.