All the latest UK technology news, reviews and analysis
|
|
|
13 Jul 2007
Apple has released a QuickTime security update which patches eight vulnerabilities, including seven which could be used for remote code execution.
The update applies to QuickTime for Mac OS 10.3.9, 10.4.9 or later, as well as Windows XP and Vista.
Seven of the vulnerabilities allow for remote code execution, meaning that a successful exploit could allow an attacker to install malware or take control of a target system.
The French Security Incident Response Team has classified the update as 'critical', the organisation's highest alert level. Security vendor Secunia classified the update as 'highly critical', the fourth of its five alert levels.
Apple has apparently known about some of the flaws since last year. Security researcher Tom Ferris, who was credited with discovering two of the flaws, claims to have notified the company of one in April 2006 and another in November 2006.
As company policy, Apple does not publicly acknowledge any vulnerabilities until a patch has been released.
Four of the remote code execution vulnerabilities were found in QuickTime's Java components. Three will allow an attacker to execute arbitrary code, while a fourth will allow the attacker to capture a screenshot of the victim's computer.
All are exploited by way of a specially-crafted Java applet launched from a web page.
QuickTime has been a system component of Mac OS since 1991. It has also become a staple of Windows systems in recent years because it is included as a component of Apple's iTunes media player.
Security experts warned that this widespread use has begun to make QuickTime a popular target for malware authors.
Security vendor F-Secure noted that the MPack attack utility, which was used to carry out last month's 'Italian job' attacks, includes exploit code for QuickTime flaws.
The QuickTime update is available through Apple's software update utility or as a download from the Apple support website.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Web Developer LAMP HTML CSS Bash Linux Cambridge...
Drupal / Web Developer ( PHP, Drupal, JavaScript, JQuery...
Web / .NET Developer ( ASP.NET, VB.NET, HTML, CSS, SQL...
Analyst / Developer (Case Management) - NW London - £35...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?