Sunday, January 15, 2006

Apple Fixes Eight QuickTime Bugs

ChannelWeb Executive Briefing:

"'Most IT departments probably saw Apple's security update and thought, "that's a consumer application, I don't have to worry about security policies for that,"' said Marc Maiffret, co-founder of eEye and its chief hacking officer, in a statement. 'Those IT departments would be mistaken. There are few people that have not seen a co-worker with an iPod wandering the halls of their organization, and those iPods probably mean iTunes is on your network.'"


The bugs in QuickTime, Apple revealed in a security advisory, are in how the player parses a number of image file formats, including .gif, .tif, and .tga, as well as in other media file formats. Attackers who craft special files, and deliver those files to unsuspecting users, could trigger integer or heap buffer overflows, crash the computer and/or run code of their own choosing.

In response, Apple has posted QuickTime 7.0.4 for Mac OS X 10.3.9 and later, and Windows 2000 and XP. The update can be downloaded and installed via Software Update for Mac OS X users, or from this page for Windows users.

http://www.channelweb.com/nl/execbriefing/showArticle.jhtml?sssdmh=dm4.163137&articleId=175803624