Heap overflow vulnerability discovered in Apple iTunes and QuickTime
December 22nd, 2005 Leave a comment Visited 21 times, 1 so far today
Heap overflow vulnerability discovered in Apple iTunes and QuickTime
Apple Computers recently updated their software applications iTunes and QuickTime to fix several security vulnerabilities. However, more issues have been discovered in the latest stable versions. The security advisory was posted on Security-Protocols.com and has been discovered by researcher Tom Ferris.
Ferris warns that million of iPod owners are at risk who uses iTunes and QuickTime applications to play and download videos from the net. The problem lies when a user plays a specially designed QuickTime movie containing the bad code. This movie can trigger a denial-of-service crash that may lead to malicious code execution.
Ferris also claims that he had informed the company more than a month ago and got little feedback from them except for a generic reply. Apple on their part does not comment on security related issues in their applications. Ferris on his part has labeled the issue as highly critical and claims that all current and prior versions of Apple iTunes and QuickTime for Mac OS X and Win32 are affected by it.
Another security firm Secunia rates this problem as “moderately critical”.
|
TechWhack on Facebook
|
This website uses IntenseDebate comments, but they are not currently loaded because either your browser doesn't support JavaScript, or they didn't load fast enough.