News

iTunes, QuickTime Flaws Detailed

By the Betanews Staff | Published December 22, 2005, 10:39 AM

Security researcher Tom Ferris has posted details on a security vulnerability that affects the latest versions of Apple's iTunes and QuickTime software. A specially crafted .mov video file could cause a heap overflow and potentially give an attacker the ability to execute arbitrary code.

Ferris first reported the problem earlier this month and says he notified Apple at that time. He says both Mac OS X and Windows machines are affected, as are older versions of iTunes and QuickTime. Security firm Secunia has rated the vulnerability "moderately critical," as code execution has not been confirmed.

Comments

View comments by with a score of at least

jsc315
Dec 22, 2005 - 1:29 PM

thats a first for a mac.

Score: 0

|
Post Reply
jessshaun
Dec 22, 2005 - 4:36 PM edited

No it's not... they are just quicker to fix them and most flaws do not become public.

Besides it's quicktime and iTunes... I know I'm not surprised...

Score: 0

|
Post Reply
frankwick
Dec 23, 2005 - 10:37 AM

That's a first THIS MONTH for a mac. You will see more of these as the popularity of Macs increase. It's the price Apple will have to pay for "growing up."

Score: 0

|
Post Reply
Fidelio
Dec 22, 2005 - 11:17 AM

And then, people attack Microsoft. Wasn't it that MacOS and Apple Software were bulletproof?

Who knows how many bugs like this are in MacOS... scary...

Score: 0

|
Post Reply
lordnaastik
Dec 22, 2005 - 11:12 AM

Hope they fix it soon

Score: 0

|
Post Reply

Google Chrome 4: Yes, it's fast, but is it usable?

As Betanews readers have responded to our stories about Chrome's JavaScript superiority...Does that mean we'd actually use this browser? Well...

Video: Netflix on PlayStation 3

Netflix has come to the PlayStation 3 via Blu-ray and BD-Live.

Verizon Wireless launches new Android, Chocolate, and ruggedized phones

The lower-priced Eris joins the Droid, while the Chocolate gets a touchscreen and more music playback.

Early sales figures for Windows 7 nicely high, but do we know why?

Fans of triple-digit surges in figures quoted by Betanews will love this one, as it appears Microsoft rediscovered how to pull off a software launch.

Myka announces its latest Linux-based 'net top box'

Myka's ION brings Boxee, XMBC, and much more to HDTVs.

What hath Mac wrought? A remembrance after a quarter-century

The reason there's a Macintosh today is not because of some brilliant flash of engineering genius, but because Apple had the audacity to learn from its mistakes.

Early build of Moblin 2.1 improves connectivity, but not device support

The Linux Foundation's Atom-centric OS yesterday received a major overhaul with the project release of Moblin 2.1 for netbooks and nettops.

The iPhone's China syndrome: Sales of 5,000 and climbing

There's actually a country where Apple's device is not a godsend, where sales can be measured in the dozens.

New European counterpart to FCC will ensure 'a more neutral net'

Late Thursday night, the ruling telecom administrators of the EU's member nations signed away their final authority to a new entity overseen by the EC.

Sophos study suggests Windows 7 UAC's default setting is self-defeating

Without any anti-virus installed, a Sophos test showed, User Account Control was only capable of thwarting just one malware package out of ten samples chosen.

Indiscreet tweet trips awareness of Web SSL vulnerability

A group of high-level security engineers had been making progress on thwarting a low-level threat to the Web, until somebody blurted it all out on Twitter.