All the latest UK technology news, reviews and analysis

Apple patches QuickTime flaw

by Shaun Nichols

More from this author

04 Oct 2007

Be the first to comment

  • Tweet this
QuickTime
Apple has plugged a hole in the Windows Vista and XP versions of QuickTime

Apple has patched a flaw in QuickTime that could allow for remote attacks.

The fix addresses a vulnerability in the Windows Vista and XP versions of QuickTime, which is commonly installed as a browser plug-in or as a component of iTunes. OS X users are not affected.

Further reading

Apple said that the problem concerns QuickTime Media Links (QTLs) which are often used to launch media files from browsers.

If a specially crafted QTL is launched, QuickTime can allow access to a command line which could then be used to execute malicious code.

Security researcher Petko D Petkov showed last month how a malformed QTL file could be placed within a web page and disguised as a movie or song file.

When clicked, the links would allow for JavaScript code to run with the privileges of the current user.

The researcher provided several proof-of-concept samples which caused vulnerable machines to display alert boxes, launch arbitrary applications and even shut down.

Although the Apple security notice does not specifically mention the report, a spokesperson confirmed to vnunet.com that the fix addresses the flaw described by Petkov.

Users can obtain the update via the Software Update application or from Apple's support site.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

Security threats - password theft

Eight-year Nortel hacking operation again shows enterprise vulnerabilities

Related white papers

Related articles

Related jobs

Today's top stories

Apple OS X Mountain Lion

Top five features of Apple OS X Mountain Lion

Clouds superimposed on a computer keyboard

Red Hat pushes cloud computing interoperability

Toy soldiers on keyboard representing cyber security

Boardroom gears up for cyber war

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 reporter Dan Worth

World-changing CERN experiments highlight humanity’s intrinsic curiosity

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

.Net Principal Development Engineer Lead- London

Principal Development Engineer Lead- London - Smart TV...

.Net Development Engineer - HTML, XHTML, CSS, DOM

Development Engineer - London - Smart TV, Gaming, Tablets...

Principal Development Engineer - .Net ,C# or Java -

Principal Development Engineer - London - Smart TV, Gaming...

Test Engineer -London - Smart TV, Gaming, Tablets, PC& Mac

Test Engineer -London - Smart TV, Gaming, Tablets, PC...

To send to more than one email address, simply separate each address with a comma.