‘Extremely critical’ QuickTime security hole

p2pnet news | Security:- Secunia says there’s a(nother) extremely critical security hole in Apple QuickTime.
And there’s a working exploit publicly available, it says, going on:
“h07 has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user’s system.
“The vulnerability is caused due to a boundary error when processing RTSP replies and can be exploited to cause a stack-based buffer overflow via a specially crafted RTSP reply containing an overly long ‘Content-Type’ header.”
Successful exploitation “allows execution of arbitrary code and requires that the user is e.g. tricked into opening a malicious QTL file or visiting a malicious web site.”
It’s been confirmed in version 7.3 and, “Other versions may also be affected,” says the post.
At the beginning of the month, Apple’s then latest QuickTime release fixed “at least” seven major security vulnerabilities in earlier versions of QuickTime for Mac, Windows XP and Windows Vista.
What to do?
“Do not browse untrusted websites, follow untrusted links, nor open untrusted QTL files.”
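The advisory's "boundary error" is the general pattern of copying a header value into a fixed-size buffer without checking its length first. The following is an added illustration of the checked form of that copy; it is not code from this article, Secunia or Apple, and the names `rtsp_content_type`, `has_prefix_ci` and the 64-byte `CT_MAX` limit are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define CT_MAX 64 /* assumed size of the fixed destination buffer */

enum ct_status { CT_OK = 0, CT_MISSING = -1, CT_TOO_LONG = -2 };

/* Case-insensitive test: do the first n bytes of s start with prefix? */
static int has_prefix_ci(const char *s, size_t n, const char *prefix)
{
    size_t plen = strlen(prefix);
    if (n < plen)
        return 0;
    for (size_t i = 0; i < plen; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return 1;
}

/* Copy the Content-Type value of an RTSP reply into out[CT_MAX].
 * An unchecked copy at this point is the "boundary error" pattern;
 * here an oversized value is rejected before any byte is written. */
enum ct_status rtsp_content_type(const char *reply, char out[CT_MAX])
{
    static const char name[] = "Content-Type:";
    const char *line = reply;

    out[0] = '\0';
    while (line && *line) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0)
            break; /* blank line ends the header section */
        if (has_prefix_ci(line, len, name)) {
            const char *val = line + (sizeof name - 1);
            size_t vlen = len - (sizeof name - 1);
            while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            if (vlen >= CT_MAX)
                return CT_TOO_LONG; /* no room for value plus NUL */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return CT_OK;
        }
        line = eol ? eol + 2 : NULL;
    }
    return CT_MISSING;
}
```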
Also See:
Secunia - Apple QuickTime RTSP “Content-Type” Header Buffer Overflow, November 26, 2007
seven major security vulnerabilities - 7 Apple QuickTime security fixes, November 6, 2007

November 29th, 2007 at 1:26 pm
Uninstall Quicktime once and for all - your system will be faster and more secure. No more stealing of PNG and TIFF file associations, no more popups to buy a full version when each PNG image is shown….
For MOV files, get VLC Media Player
November 29th, 2007 at 5:55 pm
I thought Apple products “just work” and are free of security flaws?
Fuck Quicktime, it’s a piece of shit. Use VLC for everything.
November 29th, 2007 at 7:29 pm
QuickTime is a truncation of “A large headache in only a quick time”