- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
Apple has released a new security patch for QuickTime, its eighth update this year for the media player software.
The update addresses three critical security holes in QuickTime, including a vulnerability that has been used in attacks by online criminals.
The most critical of the flaws lies in QuickTime's implementation of the Real Time Streaming Protocol (RTSP), used to play audio and video over the Internet. The flaw was made public Nov. 23, and in early December attackers began exploiting the flaw in online attacks. By tricking victims into visiting a malicious Web site that exploited the flaw, hackers were able to install malicious software on the victims' PCs.
To date, these attacks have targeted Windows-based systems, but security experts say that Mac OS X users are also at risk to the vulnerability. Apple issued patches for both Windows and Mac OS X users on Thursday.
The second critical vulnerability, which had apparently not been publicly disclosed, has to do with a flaw in the QuickTime Media Link (QTL) file format used by the media player. Security researchers have recently been looking at the way QuickTime works with these files as a potential source of new bugs.
Apple also patched a handful of similar bugs in the way that QuickTime handles Adobe's Flash media format. The most serious of these flaws could let attackers run unauthorized software on the computer, much as the RTSP bug does, Apple said.
With security researchers paying special attention to media format bugs, Apple has had to patch QuickTime frequently this year. Some of these updates have come just weeks apart. Apple last patched QuickTime on Nov. 5.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment