Apple QuickTime Vulnerabilities
GSA Reference Number: AD090122-01
Simply Put: Apple has released patches to address multiple vulnerabilities in its QuickTime media player product. Unpatched QuickTime installations are vulnerable to remote exploitation if users view maliciously crafted files. These vulnerabilities affect QuickTime version 7.X.
Vulnerability Details: Apple is patching seven separate issues. All of them are input validation flaws, meaning the program does not properly check data supplied by the user (files, commands, configuration and the like) before acting on it. In this case, QuickTime mishandles certain types of URLs and certain file contents during parsing. These flaws can lead to buffer overflows, which an attacker can use to run remote code if exploited in a certain manner.
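To make the validation point concrete, here is an added example (not Apple's code and not part of the advisory) of a QuickTime atom header parser that checks every file-supplied length before trusting it; the atom layout (4-byte big-endian size covering the header, then a 4-byte type code) is public, but the type, function and constant names are assumptions and the sample atoms are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Parsed view of one atom: header size, four-character type, payload slice. */
typedef struct {
    uint32_t size;
    char type[5];            /* fourcc plus NUL terminator */
    const uint8_t *payload;
    size_t payload_len;
} atom_t;

enum { ATOM_OK = 0, ATOM_ERR_TRUNCATED = -1, ATOM_ERR_BAD_SIZE = -2 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse the atom at buf[0..len). The size field is attacker-controlled, so it
 * is checked against the header minimum and the bytes actually present before
 * any pointer arithmetic uses it; skipping these checks is the kind of missing
 * input validation that turns a crafted file into an out-of-bounds access. */
int parse_atom(const uint8_t *buf, size_t len, atom_t *out) {
    if (len < 8) return ATOM_ERR_TRUNCATED;   /* not even a full header */
    uint32_t size = be32(buf);
    /* Must cover its own 8-byte header. Real files also allow size 0 ("to end
     * of file") and size 1 (64-bit extended size); both are rejected here. */
    if (size < 8) return ATOM_ERR_BAD_SIZE;
    if (size > len) return ATOM_ERR_TRUNCATED; /* claims more than we have */
    out->size = size;
    memcpy(out->type, buf + 4, 4);
    out->type[4] = '\0';
    out->payload = buf + 8;
    out->payload_len = size - 8;
    return ATOM_OK;
}

/* Constructed sample: well-formed 16-byte 'ftyp' atom. */
static const uint8_t good_atom[] = {
    0x00, 0x00, 0x00, 0x10, 'f', 't', 'y', 'p', 'q', 't', ' ', ' ', 0, 0, 0, 0 };
/* Constructed sample: size field claims 0x7fffffff bytes, only 16 present. */
static const uint8_t crafted_atom[] = {
    0x7f, 0xff, 0xff, 0xff, 'm', 'o', 'o', 'v', 0, 0, 0, 0, 0, 0, 0, 0 };
```

With the checks in place the crafted atom is rejected instead of being used to index past the end of the buffer.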
Countermeasures: Apple has released patches to address these vulnerabilities. Users can install the updates using QuickTime’s Software Update feature or download the new version from Apple downloads. Gladiator recommends that these patches be installed as soon as possible. Alert your network users to the vulnerabilities to ensure that all installations of QuickTime are patched.
Related Links:
- Secunia Advisory (http://secunia.com/Advisories/33632/)
- Security Focus Article (http://www.securityfocus.com/brief/890)
- Apple Release Notes (http://support.apple.com/kb/HT3403)
- Apple Downloads (http://support.apple.com/downloads/)