| ||||||
 |
| | LinkBack | Thread Tools | Display Modes |
|
#1
10-04-2007, 01:54 AM
| ||||
| ||||
Apple finally fixes year-old QuickTime flaw by Jose Vilches on October 3, 2007, 5:34 PM | Last month, security researches Petko D. Petkov and Aviv Raff published proof-of-concept exploits to show that QuickTime still had a major protocol handling problem that could cause Firefox to install backdoors and other malware on a fully patched computer. Although the Mozilla team promptly patched the bug in Firefox 2.0.0.7, Apple has finally come up with its own fix for the year-old QuickTime vulnerability. "A command injection issue exists in QuickTime's handling of URLs in the qtnext field in files with QTL content," the company explained. "By enticing a user to open a specially crafted file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution." The patch affects users of QuickTime 7.2 on Windows Vista and Windows XP SP2. A 7MB security update is available for download at the Apple’s website. http://www.apple.com/support/downloa...orwindows.html And they bitch about MS being slow... -hahahah - This also patches FireFoxinstead of the workaround
__________________ The only Stupid Question is the one you failed to Ask! Beta Tester since Pre Win 95.       |
| Sponsored Links |
Linear Mode
