Apple addresses two flaws in DSS

By Justin Mann on May 11, 2007, 4:26 PM
Two flaws in Apple's Darwin Streaming Server have been fixed. Both flaws, if compromised, could allow arbitrary code execution, making them particularly dangerous. Of course, to be vulnerable at all a machine would have to be using DSS to serve content. However, they can be exploited remotely local access to the server isn't required. With DSS 5.5.5, both of the holes are plugged, and Apple hasn't revealed any information on whether or not these were successfully exploited in the wild. Darwin Streaming Server is an open-source branch of QuickTime Streaming server, though it isn't clear if the flaws are as a result of common code or are independent to DSS.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.