Two flaws in Apple's Darwin Streaming Server have been fixed. Both flaws, if exploited, could allow arbitrary code execution, making them particularly dangerous. Of course, to be vulnerable at all a machine would have to be using DSS to serve content. However, they can be exploited remotely – local access to the server isn't required. With DSS 5.5.5, both of the holes are plugged, and Apple hasn't revealed any information on whether or not these were successfully exploited in the wild. Darwin Streaming Server is an open-source branch of QuickTime Streaming Server, though it isn't clear whether the flaws are the result of common code or are specific to DSS.