Apple finally fixes year-old QuickTime flaw

By on October 3, 2007, 5:34 PM
Last month, security researchers Petko D. Petkov and Aviv Raff published proof-of-concept exploits to show that QuickTime still had a major protocol handling problem that could cause Firefox to install backdoors and other malware on a fully patched computer. The Mozilla team promptly patched the bug in Firefox 2.0.0.7, and Apple has now finally come up with its own fix for the year-old QuickTime vulnerability.

"A command injection issue exists in QuickTime's handling of URLs in the qtnext field in files with QTL content," the company explained. "By enticing a user to open a specially crafted file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution."
The patch affects users of QuickTime 7.2 on Windows Vista and Windows XP SP2. A 7MB security update is available for download at Apple's website.



