Apple Patches Critical Flaw in QuickTime
A critical flaw in Apple's QuickTime media player software that had worried security experts for almost a month has now been corrected with a new security patch from Apple.
The software company has updated both the Mac and Windows editions of QuickTime and said that the flaw affected Vista and Windows XP operating systems as well as players in Mac OS X versions 10.3, 10.4 and 10.5.
Security researcher Luigi Auriemma was the first to reveal the flaw when, on January 10, 2008, he posted proof-of-concept exploit code that anyone could use to execute unauthorized software on a victim's PC. The attack works if the criminal gets the user to view a corruptly encoded QuickTime media file, as reported by the Washington Post on February 6, 2008.
The new update fixes the problem with version 7.4.1 of the QuickTime media player. The single fix concerns the player's handling of RTSP (Real-Time Streaming Protocol), a media protocol that Apple had already patched in December 2007 to mend a different flaw. According to Apple, the vulnerability can be exploited by tricking users into viewing a malicious website.
In the last few months, QuickTime has been a favored subject of discussion among researchers. Andrew Storms, Director of Security Operations at nCircle Network Security, said that various types of Internet media programs like QuickTime on users' desktops have been lucrative targets for hackers. It is likely to remain a target for attackers in the coming months because the majority of users are not familiar with attacks coming via an infected video, as reported by the Washington Post on February 6, 2008.
Around the middle of January 2008, Apple fixed four other bugs within QuickTime. With these patches, Apple is now running at a yearly rate of 45 bugs in QuickTime. In 2007, the company released 34 patches for flaws affecting its multimedia player application.
In similar news, Apple issued a new security update for iPhoto to patch a vulnerability that could be exploited for remote code execution. iPhoto 7.1.2 patches a format string vulnerability that a cyber criminal could exploit by luring a user into processing a photocast subscription.
» SPAMfighter News - 21-02-2008