ARN

After attacks, Apple fixes QuickTime bug

Apple has patched a critical security flaw in QuickTime that was being exploited by attackers.
Robert McMillan (IDG News Service) 14 December, 2007 12:19:30

Apple has released a new security patch for QuickTime, its eighth update this year for the media player software.

The update addresses three critical security holes in QuickTime, including a vulnerability that has been used in attacks by online criminals.

The most critical of the flaws lies in QuickTime's implementation of the Real Time Streaming Protocol (RTSP), used to play audio and video over the Internet. The flaw was made public Nov. 23, and in early December attackers began exploiting it in online attacks. By tricking victims into visiting a malicious Web site that exploited the flaw, hackers were able to install malicious software on the victims' PCs.

To date, these attacks have targeted Windows-based systems, but security experts say that Mac OS X users are also at risk from the vulnerability. Apple issued patches for both Windows and Mac OS X users on Thursday.

The second critical vulnerability, which had apparently not been publicly disclosed, has to do with a flaw in the QuickTime Media Link (QTL) file format used by the media player. Security researchers have recently been looking at the way QuickTime works with these files as a potential source of new bugs.

Apple also patched a handful of similar bugs in the way that QuickTime handles Adobe's Flash media format. The most serious of these flaws could let attackers run unauthorized software on the computer, much as the RTSP bug does, Apple said.

With security researchers paying special attention to media format bugs, Apple has had to patch QuickTime frequently this year. Some of these updates have come just weeks apart. Apple last patched QuickTime on Nov. 5.
