Apple Patches QuickTime Flaw

October 5, 2004
By Ryan Naraine

A security hole in Apple's QuickTime media player could put users at risk of buffer overflow attacks, the computer maker warned in an advisory.

Apple released a fix for the QuickTime issue along with patches for seven other flaws in Mac OS X that could lead to security bypass, exposure of sensitive information, denial-of-service attacks and system compromise.

According to the advisory, the QuickTime flaws were detected in the way the media player decodes BMP image types. A successful attack could overwrite heap memory and potentially allow the execution of arbitrary code hidden in an image.

Independent research firm Secunia rates the Mac OS X vulnerabilities as "highly critical."

The mega patch also plugs a hole in the operating system's AFP Server, which can be exploited by guest users to disconnect AFP volumes by sending specially crafted SessionDestroy packets.

Apple said it also found a vulnerability in CUPS and warned that an attacker could trigger DoS attacks or steal users' passwords from log files.

The company also released patches for a security issue in the NetInfo Manager utility that may result in an incorrect indication of the root account being disabled. Apple also corrected a security issue in Postfix with "SMTPD AUTH" enabled.
