All the latest UK technology news, reviews and analysis

Apple releases 'highly critical' QuickTime patch

by Shaun Nichols

24 Jan 2007

Be the first to comment

  • Tweet this
Apple security
The QuickTime vulnerability could allow an attacker to execute malicious code

Apple has patched a 'highly critical' vulnerability in QuickTime for both Mac OS and Windows. 

The vulnerability, which was disclosed on the first day of the Month of Apple Bugs (MoAB) project, could allow an attacker to take control of a system and execute malicious code. 

Security firm Secunia rated the vulnerability as 'highly critical', the company's second-highest alert level. 

The attack is carried out when a user accesses a specially crafted QuickTime Link file. The exploit file then uses a vulnerability in the handling of RSTP (streaming media) URLs to cause an error and gain access to the system.

The official fix for the vulnerability can be downloaded from Apple's website or through the software update component in Mac OS X.

Exploit code for the vulnerability was first posted on 1 January by a researcher known as 'LMH'. The vulnerability was the first in the MoAB project, which aims to disclose a new Mac OS X vulnerability every day of the month.

An unofficial patch for the vulnerability was released on the same day by developer Landon Fuller, who is running a counter-project to patch each of the MoAB vulnerabilities. 

Secunia warned users of unpatched systems to avoid opening untrusted QuickTime Link files.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

google-search-icon

Google banned ads rocket to 134m

Related white papers

Related articles

Related jobs

Today's top stories

Google Android Malware

Top 10 Android mobile security apps

Phil Pavitt is chief information officer at HMRC

Government IT chief slams Apple security as 'appalling'

V3's Madeline Bennett

HP's loss of Autonomy founder Mike Lynch could be UK tech sector's gain

Poll

The workplace of the future poll - in association with IBM

What will be the biggest change to corporate technology in the future?

89%

6%

1%

3%

1%

Features

cookies

Quick guide to cookie law compliance

cookie

ICO sends out mixed messages on cookie law

V3's Madeline Bennett

HP's loss of Autonomy founder Mike Lynch could be UK tech sector's gain

An EMC logo

EMC World: Big data evolves into data science

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Riso

Colour printing: why the bill keeps outstripping the budget

The wrong printers, for the wrong tasks on the wrong contracts

Qlikview

Magic quadrant for business intelligence platforms

Who leads the BI pack and who should we be watching out for?

Technology jobs

PHP developer - CSS, HTML, Javascript, MySQL, Linux

PHP developer - CSS, HTML, Javascript, MySQL, Linux...

Senior BPM Developer

Senior BPM Developer (Java, J2EE, Agile, Spring, Struts...

Business Analyst

As a Business Analyst you will play a key role in understanding...

C#/ASP.NET Team Lead - Gloucester

C#/ASP.NET Team - Gloucester - My client has an urgent...

Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.

More white papers
To send to more than one email address, simply separate each address with a comma.