Apple Plugs QuickTime Code Execution Holes

 
 
By Ryan Naraine  |  Posted 2005-11-04 Email Print this article Print
 
 
 
 
 
 
 

Updated: A new version of the QuickTime media player protects against "highly critical" system access and denial-of-service vulnerabilities.

Multiple security flaws in Apple Computer Inc.s QuickTime media player could put users at risk of code execution attacks, the company confirmed in an advisory issued late Thursday.

The vulnerabilities, rated "highly critical," could give malicious hackers an open door to take over a vulnerable system or to launch denial-of-service attacks.

Affected software include QuickTime 6.x through 7.x. Apple recommends that QuickTime users upgrade to version 7.0.3 immediately.

In all, the upgrade covers four vulnerabilities. The most dangerous is described as an integer overflow error in the handling of a "Pascal" style string when loading a ".mov" video file. This can result in memory overwrite due to a large memory copy, potentially allowing arbitrary code execution via a specially crafted video file.

Mac OS X update swats five security bugs. Click here to read more. A second integer overflow error also exists in the handling of certain movie attributes when loading a ".mov" video file. This can also result in memory overwrite and potential code execution via a rigged video file.

The patch also corrects a NULL pointer dereferencing error when QuickTime handles certain missing movie attributes from a video file. This can be exploited to crash an application that uses QuickTime when a malicious video file is loaded.

The fourth flaw is a boundary error in the QuickTime PictureViewer when decompressing PICT data. This may be exploited to cause a memory overwrite, potentially allowing arbitrary code execution via a specially crafted PICT picture file.

The vulnerabilities were discovered and reported to Apple by private researcher Piotr Bania.

An Apple spokesperson said the new QuickTime versions were issued on Oct. 12, but full details on the vulnerabilities were not posted until late Thursday.

Editors Note: This story was updated to include comments from an Apple spokesperson. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
 
 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel