Apple patches QuickTime bug exposed in MOAB

Summary: Security Update 2007-001 was just released and is available via Apple's Software Update. Apple's first security update of 2007 is recommended for all users and improves the security of QuickTime.

Security Update 2007-001 was just released and is available via Apple's Software Update application.

Apple's first security update of 2007 is recommended for all users and improves the security of QuickTime. The update fixes the buffer overflow issue in QuickTime's RTSP URL handling.

From the Apple security Web site:

Security Update 2007-001

Impact: Visiting malicious websites may lead to arbitrary code execution

Description: A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.

As always, I recommend waiting a minimum of 72 hours before installing any software update.


About

Jason D. O'Grady developed an affinity for Apple computers after using the original Lisa, and this affinity turned into a bona-fide obsession when he got the original 128 KB Macintosh in 1984. He started writing one of the first Web sites about Apple (O'Grady's PowerPage) in 1995 and is considered to be one of the fathers of blogging....
