Oct 04 2007

QuickTime flaw Fixed. Security Update Available for Download

Posted by: Sierra Monica B. in Software



QuickTime flaw Fixed. Security Update Available for Download

QuickTime flaw Fixed. Security Update Available for DownloadIf you remember, in September, Petko D. Petkov and Aviv Raff have warned us about the QuickTime flaw which consisted in a protocol handling problem that allowed the installation of backdoors through Firefox.
At that time, Mozilla had patched the bug but its users were advised to stop using QuickTime for a while.

Now Apple has managed to fix the vulnerability in QuickTime explaining the matter:
"A command injection issue exists in QuickTime's handling of URLs in the qtnext field in files with QTL content. By enticing a user to open a specially crafted file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution.”

The patch is destined for QuickTime 7.2 on Windows Vista and Windows XP SP2 and the 7MB update is available on the official Apple website.



These icons link to social bookmarking sites where readers can share and discover new web pages.
  • TwitThis
  • Reddit
  • del.icio.us
  • StumbleUpon
  • Mixx

Comments

(required)

(will not be published/required)

(required)