RSS FEED: CNet News | PCWorld | ZNet | The Register | BBC News | eWEEK | Tom's Hardware | TechCrunch | Wired | Scientific American

HARDWARE | SOFTWARE | SCIENCE | GEEK | HACK | SECURITY |

Wednesday, January 03, 2007

QuickTime zero-day bug threatens Macs, PCs

A newly disclosed security vulnerability in Apple Computer's QuickTime software could put both Macs and Windows PCs at risk of cyberattacks, experts have warned.

The publication on Monday of the vulnerability and detailed attack code kicks off the "Month of the Apple Bugs" project, which promises to feature a new Apple software bug each day in January.

The QuickTime vulnerability relates to how the media player software handles the Real Time Streaming Protocol, or RTSP, according to an advisory published on the Month of the Apple Bugs Web site. An attacker could create a special RTSP string in a rigged QuickTime file that would cause a buffer overflow, according to the advisory.

"The risk is having your system compromised by a remote attacker, who can perform any operation under privileges of your user account," said LMH, the alias of one of the two security researchers behind the Month of the Apple Bugs. "It can be triggered via JavaScript, Flash, common links, QTL files and any other method that starts QuickTime."

Read more...

Posted by Wayne at 11:20 AM

Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)