Apple patches QuickTime bug exposed in MOAB

Security Update 2007-001 was just released and is available via Apple's Software Update application.

Apple's first security update of 2007 is recommended for all users and improves the security of QuickTime. The update fixes the buffer overflow issue in QuickTime's RTSP URL handling.

From the Apple security Web site:

Security Update 2007-001

Impact: Visiting malicious websites may lead to arbitrary code execution

Description: A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.

As always, I recommend waiting a minimum of 72 hours before installing any software update.
