Fix available for remote-code exploit released New Year's Day
vnunet.com, 24 Jan 2007
Apple has patched a 'highly critical' vulnerability in QuickTime for both Mac OS and Windows.
The vulnerability, which was disclosed on the first day of the Month of Apple Bugs (MoAB) project, could allow an attacker to take control of a system and execute malicious code.
Security firm Secunia rated the vulnerability as 'highly critical', the company's second-highest alert level.
The attack is carried out when a user accesses a specially crafted QuickTime Link file. The exploit file then uses a vulnerability in the handling of RSTP (streaming media) URLs to cause an error and gain access to the system.
The official fix for the vulnerability can be downloaded from Apple's website or through the software update component in Mac OS X.
Exploit code for the vulnerability was first posted on 1 January by a researcher known as 'LMH'. The vulnerability was the first in the MoAB project, which aims to disclose a new Mac OS X vulnerability every day of the month.
An unofficial patch for the vulnerability was released on the same day by developer Landon Fuller, who is running a counter-project to patch each of the MoAB vulnerabilities.
Secunia warned users of unpatched systems to avoid opening untrusted QuickTime Link files.
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
We chat to Mike Maddison, UK head of Security, Privacy...
Update designed to give mobile users a richer, more personalised...
More thoughts on how servers can help manage overload
Do you agree?
Have your say on this article