A heap overflow vulnerability in Apple Computer's iTunes and QuickTime media players is triggered by playing a specially crafted .mov file. The warning was released by Tom Ferris of Security-Protocols.com.
Ferris said he flagged the issue to Apple more than a month ago but only received a cursory confirmation that the bug was being investigated. As per policy, Apple does not comment on security issues until a patch is available.
Download and play these proof-of-concept .mov files to trigger the crash, which shows control of memory:
Crash QuickTime Player
Crash Apple iTunes and QuickTime Player
Security alerts aggregator Secunia Inc. has slapped a “moderately critical” rating on the vulnerability and warned iTunes and QuickTime users to avoid opening “.mov” files from untrusted sources.
The Ferris discovery is not the first QuickTime/iTunes bug that remains unpatched. eEye Digital Security, a research outfit based in Aliso Viejo, Calif., lists three high-risk Apple flaws on its upcoming advisories Web page.
Tuesday, December 20, 2005
Apple iTunes QuickTime players loopholes