Posted on 11/08/2005 6:11:00 PM PST by Bush2000
Another QuickTime flaw found
By Dawn Kawamoto, CNET News.com
Published on ZDNet News: November 8, 2005, 11:46 AM PT
Less than three weeks after Apple Computer issued an update to patch four security flaws in its QuickTime media player, a new "critical" problem has been discovered.
The unpatched vulnerability could allow remote execution of code, according to an advisory published Monday by eEye Digital Security. It affects various versions of Apple QuickTime running on all types of operating systems, the company said, but did not specify which versions in particular were at risk.
eEye said it notified Apple of the flaw on Oct. 31, when it outlined vulnerabilities that were not addressed in Apple's update of Oct. 12. And although Apple issued a security advisory Nov. 3 regarding its patch and the four flaws, that advisory did not address the new flaw eEye discovered, said Mike Puterbaugh, eEye's senior product marketing director.
"We don't feel this flaw could result in an Internet worm, as it does require end-user interaction (such as clicking on a link to a malicious Web site or chat session). The affected component is, however, enabled by default," Puterbaugh said.
This newly discovered flaw could allow an attacker to pose as the logged-in user and launch remotely executable code. An intruder, for example, could access and do everything that a user could do on his computer. If the user had administrator rights, the hacker could also access everything that the administrator could.
"The Apple flaw works with their latest version of QuickTime," said Steve Manzuik, eEye product manager. "The only similarity with the earlier flaws is it's in QuickTime."
(Excerpt) Read more at news.zdnet.com ...
Repeat after me: "Apple means quality. I'm safe. I cannot possibly be harmed by malicious software. "
Every time I've tried to use "Quickcrap", it has hosed my system. Why do people keep using it to post video?
If you're complaining about QuickTime, it's obvious you're on Windows.
Linux/Lupper.worm in the wild. Details at McAfee.
Cool! So Apple thinks that releasing crap is acceptable? Wow, sign me up! Where can I get Quicktime for Windows? I don't want to waste another minute... /SARCASM
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.