Apple patches QuickTime bug exposed in MOAB

Summary: Security Update 2007-001 was just released and is available via Apple's Software Update. Apple's first security update of 2007 is recommended for all users and improves the security of QuickTime.

Security Update 2007-001 was just released and is available via Apple's Software Update application.

Apple's first security update of 2007 is recommended for all users and improves the security of QuickTime. The update fixes the buffer overflow issue in QuickTime's RTSP URL handling.

From the Apple security Web site:

Security Update 2007-001

Impact: Visiting malicious websites may lead to arbitrary code execution

Description: A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.

As always, I recommend waiting a minimum of 72 hours before installing any software update.

Talkback

4 comments
  • But the Mac zealots said this didn't exist!

    Remember when [b]t[/b]his was announced? Certa[b]i[/b]n people here (I [b]c[/b]an't name names or they will throw a hi[b]s[/b]sy fit) s[b]w[/b]ore that this w[b]a[/b]s all false because Landon Fuller, Secunia, and several other securit[b]y[/b] sites all hated Apple and it was a [b]b[/b]ig conspiracy. I ch[b]a[/b]llenged the person that I'm not allowed to name and asked him what he would say when Apple [b]c[/b]ame out with a patch for this vulnerability that didn't exist. I as[b]k[/b]ed if he would believe then that Apple hated Apple. He didn't really have an answer back then. I wonder if he has an answer now? I bet he doesn't. :)

    Fact: Apple releases buggy software that, when installed, can be used by remote hackers to take over your machine. This is undeniable and has now been confirmed by Apple. If you deny this, you are calling Apple a liar and I'd be forced to ask you why you hate Apple.
    NonZealot
    • No one feed the troll, please

      Let him crawl back under his rock.

      Thanks.
      V-Train
      • You might as well have written:

        [i]I can't refute any of the facts presented in NonZealot's post. Nice job NonZealot![/i]

        To which I now reply:
        [i]Thanks V-Train! I appreciate the words of encouragement.[/i]
        NonZealot