Mac Desktops
Smartphones
Cameras
Camcorders
Mac Laptops
iPad & Tablets
HDTV
Networking & Wireless
iPods
iPhone Apps
Printers
Storage
The United States Computer Emergency Readiness Team (US-CERT) has discovered a new buffer overflow vulnerability with Apple’s QuickTime media software.
The vulnerability affects both Mac and Windows operating systems. Because QuickTime is part of Apple’s popular iTunes jukebox software, that application is also affect, researchers said.
The vulnerability is found in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime Player crashes at a memory location that can be controlled by an attacker, according to US-CERT.
The organization also said that they are aware of publicly available proof-of-concept code for this vulnerability.
US-CERT offers several solutions to the problem including uninstalling QuickTime, Blocking the RTSP protocol and disabling the QuickTime plug-ins in your Web browser.
Attackers targeted QuickTime in December in a separate RTSP vulnerability that Apple later fixed with a software update.
Apple representatives were not immediately available for comment.
- Recommend? 0 YES 0 NO
- 0 Comments
Ad Choices
"Researchers discover new QuickTime vulnerability" Comments
Have a comment on the story? Enter it below and share it with other readers.