ARN

After attacks, Apple fixes QuickTime bug

Apple has patched a critical security flaw in QuickTime that was being exploited by attackers.

Apple has released a new security patch for QuickTime, its eighth update this year for the media player software.

The update addresses three critical security holes in QuickTime, including a vulnerability that has been used in attacks by online criminals.

The most critical of the flaws lies in QuickTime's implementation of the Real Time Streaming Protocol (RTSP), used to play audio and video over the Internet. The flaw was made public Nov. 23, and in early December attackers began exploiting the flaw in online attacks. By tricking victims into visiting a malicious Web site that exploited the flaw, hackers were able to install malicious software on the victims' PCs.

To date, these attacks have targeted Windows-based systems, but security experts say that Mac OS X users are also at risk to the vulnerability. Apple issued patches for both Windows and Mac OS X users on Thursday.

The second critical vulnerability, which had apparently not been publicly disclosed, has to do with a flaw in the QuickTime Media Link (QTL) file format used by the media player. Security researchers have recently been looking at the way QuickTime works with these files as a potential source of new bugs.

Apple also patched a handful of similar bugs in the way that QuickTime handles Adobe's Flash media format. The most serious of these flaws could let attackers run unauthorized software on the computer, much as the RTSP bug does, Apple said.

With security researchers paying special attention to media format bugs, Apple has had to patch QuickTime frequently this year. Some of these updates have come just weeks apart. Apple last patched QuickTime on Nov. 5.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

More about: Adobe, Apple, CGI

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
ARN Directory | Distributors relevant to this article
Aquion , Australasian PC Distributors (APCD) , Avnet Technology Solutions , Brightpoint Australia , Express Data , Express Online , ICT Distribution , Scholastic , Topstar Computer International
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/avg/2009-09-18_71_become-an-avg-reseller
AVG (AU/NZ) Pty Ltd

Become an AVG Reseller and Make Serious Money!

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.