Apple fixes critical QuickTime bug
Apple has released a security fix for its QuickTime media player software,
fixing a critical bug that had been worrying security experts for nearly a month.
The update, released Wednesday, fixes a vulnerability in the Real Time Streaming
Protocol (RTSP) used by QuickTime to handle streaming media. It also fixes a
previously reported incompatibility between QuickTime 7.4 and Adobe Premiere
and After Effects, according to an Apple spokesman.
On Jan. 10, researcher Luigi Auriemma disclosed the flaw by posting proof-of-concept
attack code that could be used to run unauthorized software on a victim's computer.
For the attack to work, the criminal would have to first trick the user into
viewing a maliciously encoded QuickTime media file.
With the attack code available, security researchers had been hoping that Apple
would address the flaw. Wednesday's QuickTime 7.4.1 update is for both the Mac
OS X and Windows operating systems.
It is Apple's fifth QuickTime update since October. The company has been forced
to issue the flurry of patches as security researchers have taken a closer look
at media player flaws during the past year. In December, Apple patched a separate
RTSP vulnerability, which online criminals had already started to use in their
attacks.
"In the past few months, QuickTime has been a prevalent target for security
researchers," said Andrew Storms, director of security operations with
nCircle Network Security, via instant message. "Internet media applications
on the desktop have been a rich target for attackers and this trend is sure
to continue as most users aren't yet accustomed to attacks arriving in the form
of a viral video."
(Peter Cohen of Macworld contributed to this story.)
IDG News Service