All the latest UK technology news, reviews and analysis

Apple releases 'highly critical' QuickTime patch

by Shaun Nichols

More from this author

24 Jan 2007

Be the first to comment

  • Tweet this
Apple security
The QuickTime vulnerability could allow an attacker to execute malicious code

Apple has patched a 'highly critical' vulnerability in QuickTime for both Mac OS and Windows. 

The vulnerability, which was disclosed on the first day of the Month of Apple Bugs (MoAB) project, could allow an attacker to take control of a system and execute malicious code. 

Security firm Secunia rated the vulnerability as 'highly critical', the company's second-highest alert level. 

The attack is carried out when a user accesses a specially crafted QuickTime Link file. The exploit file then uses a vulnerability in the handling of RSTP (streaming media) URLs to cause an error and gain access to the system.

The official fix for the vulnerability can be downloaded from Apple's website or through the software update component in Mac OS X.

Exploit code for the vulnerability was first posted on 1 January by a researcher known as 'LMH'. The vulnerability was the first in the MoAB project, which aims to disclose a new Mac OS X vulnerability every day of the month.

An unofficial patch for the vulnerability was released on the same day by developer Landon Fuller, who is running a counter-project to patch each of the MoAB vulnerabilities. 

Secunia warned users of unpatched systems to avoid opening untrusted QuickTime Link files.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Concept image of broken USB representing a data leak

Nuclear watchdog loses USB containing data on power plant in Hartlepool

Related white papers

Related articles

Related jobs

Today's top stories

Microsoft Windows 8 start screen

Top 10 Microsoft Windows 8 features to be excited about

Barclays Pingit Application in use on an iPhone

Barclays launches Pingit mobile payment service for iPhone, Android and BlackBerry

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

C# DEVELOPER- Commodities Index Trading

A senior C# developer is required by a leading investment...

SENIOR JAVA/ J2EE DEVELOPER

A senior JAVA developer is required by a leading financial...

AGILE JAVA DEVELOPER- INVESTMENT BANKING

A leading investment bank are looking for an AGILE JAVA...

C# WPF F# developer- Quant group

A senior C# WPF F# developer is required by a leading...

To send to more than one email address, simply separate each address with a comma.