James Delahunty
24 Jan 2007 18:31
Apple Computer Inc. has patched a flaw in QuickTime that could be exploited by an attacker to run arbitrary code on a machine. The bug was discovered by a group of researchers who were investigating the Macintosh operating system and some third-party software titles for it as part of the "Month of Apple Bugs" program. A total of 31 discovered vulnerabilities will be announced as a result.
This specific bug in QuickTime could be exploited using a specially crafted web page to trigger a buffer overflow and execute arbitrary code. So far this is the only issue patched by Apple itself. The fix performs additional validation so that the QuickTime software does not launch a malicious RTSP URL.
Source: Betanews