Another QuickTime flaw found

Another QuickTime flaw found
By Dawn Kawamoto, CNET News.com
Published on ZDNet News: November 8, 2005, 11:46 AM PT

Less than three weeks after Apple Computer issued an update to patch four security flaws in its QuickTime media player, a new "critical" problem has been discovered.

The unpatched vulnerability could allow remote execution of code, according to an advisory published Monday by eEye Digital Security. It affects various versions of Apple QuickTime running on all types of operating systems, the company said, but did not specify which versions in particular were at risk.

eEye said it notified Apple of the flaw on Oct. 31, when it outlined vulnerabilities that were not addressed in Apple's update of Oct. 12. And although Apple issued a security advisory Nov. 3 regarding its patch and the four flaws, that advisory did not address the new flaw eEye discovered, said Mike Puterbaugh, eEye's senior product marketing director.

"We don't feel this flaw could result in an Internet worm, as it does require end-user interaction (such as clicking on a link to a malicious Web site or chat session). The affected component is, however, enabled by default," Puterbaugh said.

This newly discovered flaw could allow an attacker to pose as the logged-in user and launch remotely executable code. An intruder, for example, could access and do everything that a user could do on his computer. If the user had administrator rights, the hacker could also access everything that the administrator could.

"The Apple flaw works with their latest version of QuickTime," said Steve Manzuik, eEye product manager. "The only similarity with the earlier flaws is it's in QuickTime."

Yet more bad news from Cupertino. I'm shocked, shocked, shocked that there's a new critical problem with Apple's software!

Repeat after me: "Apple means quality. I'm safe. I cannot possibly be harmed by malicious software. "

2 posted on 11/08/2005 6:12:45 PM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)

SHHHH! Don't we all know only MS products have flaws. Whatcha trying to do, make heads explode all over Appledom.

3 posted on 11/08/2005 6:32:37 PM PST by softwarecreator (Facts are to liberals as holy water is to vampires.)

Every time I've tried to use "Quickcrap", it has hosed my system. Why do people keep using it to post video?

4 posted on 11/08/2005 6:35:00 PM PST by Publius6961 (Liberal level playing field: If the Islamics win we are their slaves..if we win they are our equals.)

Because QuickTime offers excellent video quality for their trailers.

If you're complaining about QuickTime, it's obvious you're on Windows.

5 posted on 11/08/2005 6:40:43 PM PST by newzjunkey (CA YES: 73 (prolife) - 74 (teacher accountability) - 75 (paycheck protection). NO: 78, 79, 80)

Also today...

Linux/Lupper.worm in the wild. Details at McAfee.

Three security flaws in the way Windows handles certain graphics files could create an opening for spyware and Trojan horse attacks, Microsoft has warned. Image-handling flaws put Windows PCs at risk

6 posted on 11/08/2005 6:45:38 PM PST by newzjunkey (CA YES: 73 (prolife) - 74 (teacher accountability) - 75 (paycheck protection). NO: 78, 79, 80)

Cool! So Apple thinks that releasing crap is acceptable? Wow, sign me up! Where can I get Quicktime for Windows? I don't want to waste another minute... /SARCASM

7 posted on 11/09/2005 10:35:22 AM PST by Bush2000 (Linux -- You Get What You Pay For ... (tm)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.