- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
Apple has released a security fix for its QuickTime media player software, fixing a critical bug that had been worrying security experts for nearly a month.
The update, released Wednesday, fixes a vulnerability in the Real Time Streaming Protocol (RTSP) used by QuickTime to handle streaming media.
On Jan. 10, researcher Luigi Auriemma disclosed the flaw by posting proof-of-concept attack code that could be used to run unauthorized software on a victim's computer. For the attack to work, the criminal would have to first trick the user into viewing a maliciously encoded QuickTime media file.
With the attack code available, security researchers had been hoping that Apple would address the flaw. Wednesday's QuickTime 7.4.1 update is for both the Mac OS X and Windows operating systems.
It is Apple's fifth QuickTime update since October. The company has been forced to issue the flurry of patches as security researchers have taken a closer look at media player flaws during the past year. In December, Apple patched a separate RTSP vulnerability, which online criminals had already started to use in their attacks.
"In the past few months, QuickTime has been a prevalent target for security researchers," said Andrew Storms, director of security operations with nCircle Network Security, via instant message. "Internet media applications on the desktop have been a rich target for attackers and this trend is sure to continue as most users aren't yet accustomed to attacks arriving in the form of a viral video."
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment