The discovery of the heap overflow flaw also follows after numerous rounds of recent security updates. The most recent QuickTime vulnerability is one in a long line of serious errors, particularly in its real time streaming protocol, that have left users susceptible to remote code execution attacks. An attacker could crash any Web browser running the QuickTime plug-in by enticing a user to view an infected media file.Ī blogger known as "securefrog," published a proof of concept exploit code on the Website Milw0rm that could allegedly be executed on users systems for such attacks. Consequently, such long strings will crash any Web browser running the QuickTime software, Intego says.Īn attacker could also add a QuickTime media file to a Web page that could execute arbitrary code and launch a malicious attack used to compromise affected systems with minimal user interaction. The error also affects Web browsers Apple Safari, Microsoft Internet Explorer or Mozilla Firefox.
#Quicktime 7.5.5 update for mac mac os x
Security company Intego said that the QuickTime tag fails to properly handle long strings of data, resulting in a heap overflow flaw in both QuickTime Player and iTunes, as well as other Mac OS X programs that stream media via the QuickTime plug-in, such as Mail. I have an iBook G4 when i try and open iTunes it tells me that iTunes requires QuickTime 7.5.5 or later. Apple also recently updated iTunes to version 8.0. The discovery of the new heap overflow vulnerability comes a week after Apple updated QuickTime, the media software used to play music and stream videos on both Mac OS X and Windows, to version 7.5.5.
0 kommentar(er)
