Quicktime Security Issue...


Just as streaming video and audio are hitting the mainstream, researchers have sounded the alarm about serious security holes in two popular digital media players.
The vulnerabilities have cropped up in RealNetworks' RealPlayer and Apple Computer's QuickTime. While unrelated, the weak spots could allow an intruder to execute damaging arbitrary code on a victim's computer.

Security experts are increasingly concerned about hackers exploiting digital media players, which are designed to accept Web addresses and scripts--a key route for self-propagating, hostile code.

The current vulnerabilities come at a time when streaming content has gained momentum, providing news and entertainment to a growing number of people accessing the Internet via broadband connections.

RealNetworks has issued an advisory, warning that by creating a specifically corrupted Portable Network Graphics file, an attacker could cause "heap corruption." Doing so would allow the attacker to execute code on the victim's machine. The vulnerable software uses an older data-compression library within the RealPix component of the player, leaving the system vulnerable. The company said it has fixed the vulnerability by using an updated version of the data-compression library.

RealNetworks said it had not received any reports of anyone's computer actually being attacked via this exploit.

The vulnerability affected the following popular versions of its digital media players: RealOne Player, RealOne Player v2 for Windows, RealPlayer 8 for Windows, RealPlayer 8 for Mac OS 9, RealOne Player for Mac OS X, RealOne Enterprise Desktop Manager and RealOne Enterprise Desktop.

The Helix DNA Client was not affected, RealNetworks noted.

Meanwhile, security firm iDefense warned this week that it has discovered an exploitable buffer overflow vulnerability in Apple's QuickTime Player that could affect computers with Microsoft's Windows but not those with Apple's Macintosh OS.

Buffer overflows occur when an application is flooded with information and as a result cannot handle memory correctly. By causing a buffer overflow, attackers can insert their own code into the execution of the application.

In this case, a URL containing 400 characters will overrun the allocated space on the system, allowing the attacker to assume control of the system, iDefense said. All the attacker needs to do is to convince a Web surfer to click on a specially crafted URL.

iDefense said that QuickTime Player versions 5.x and 6.0 for Windows are vulnerable. The workaround suggested by iDefense is to remove the QuickTime handler from the Web browser or remove the registry key (HKEY_CLASSES_ROOT/quicktime).

Another option is to download Apple's QuickTime 6.1, which addresses this vulnerability, according to iDefense.

Apple was not immediately available for comment.

schweb | community leader
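
Added example, not part of the original post or the quoted article and not QuickTime's code: the missing length check behind the overflow class the article describes, shown in C beside the unchecked copy. The 256-byte buffer size, the function names and the sample URL are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF_SIZE 256   /* assumed size; the article does not give the real one */
/* Unsafe pattern, for contrast only (never called): strcpy() writes until the
 * source's NUL, so a 400-character URL runs past a URL_BUF_SIZE-byte buffer. */
void store_url_unchecked(char *dst, const char *url) { strcpy(dst, url); }

/* Bounded version: measure first, reject what does not fit (NUL included).
 * Returns 0 on success, -1 on rejection with dst left as an empty string. */
int store_url_checked(char *dst, size_t dst_size, const char *url)
{
    size_t len = 0;
    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (url == NULL)
        return -1;
    while (len < dst_size && url[len] != '\0')
        len++;                     /* inspects at most dst_size bytes */
    if (len == dst_size)
        return -1;                 /* too long: refuse rather than truncate */
    memcpy(dst, url, len + 1);     /* len + 1 <= dst_size, NUL included */
    return 0;
}

/* Builds a constructed test URL of exactly n characters (capped to fit out). */
void make_test_url(char *out, size_t out_size, size_t n)
{
    const char *prefix = "quicktime://example.invalid/";  /* constructed sample */
    size_t i, plen = strlen(prefix);
    if (out_size == 0)
        return;
    if (n >= out_size)
        n = out_size - 1;
    for (i = 0; i < n; i++)
        out[i] = (i < plen) ? prefix[i] : 'a';
    out[n] = '\0';
}

int main(void)
{
    char buf[URL_BUF_SIZE], url[512];
    make_test_url(url, sizeof url, 40);
    printf("40 chars  -> %d\n", store_url_checked(buf, sizeof buf, url));
    make_test_url(url, sizeof url, 400);
    printf("400 chars -> %d\n", store_url_checked(buf, sizeof buf, url));
    return 0;
}
```

The checked version refuses an oversized URL outright instead of truncating it, so a caller never acts on a partially copied address.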