[ news_security_news ]
ITunes And Quicktime Problems Exposed
John Stith
Staff Writer
2005-12-23
 Insider Reports RSS Feed
An independent researcher discovered some problems with .mov media files and it's being rated as critical by security firms. The flaw could create real problems for folks using either iTunes or Quicktime.
Tom Ferris over at SecurityProtocols.com discovered the flaws. He sent them along to Apple, who owns the two media player clients. He then put little hints of the problems on his site. Tuesday evening, he posted a full advisory on the matter.
According to ZDNet, security companies have also reviewed the issue and decided they warranted critical ratings. Secunia rated the problem as moderately critical and the French Security Incident Response Team rated the problem as critical.
In the advisory, Ferris listed an overview of the problem:
A heap overflow vulnerability exists within Apple iTunes 6.0.1 and Quicktime 7.0.3. The vulnerability allows for an attacker to cause the program to crash, and or to execute arbitrary code in the context of the user who executes the player. These flaws exist within all current versions, and prior versions of Apple iTunes and Quicktime for Mac OS X and Win32.
This is yet another way for hackers to create problems in software. As is pointed out, the best way to avoid this problem is not to download any media files from unknown sources. At the same time, people should hold these companies more accountable for not coming up with stronger software in and of itself.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
