Apple - Apple Plugs QuickTime, iPhone Security Holes - eWeek Security Watch
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Apple Plugs QuickTime, iPhone Security Holes

Written By
Ryan Naraine
Ryan Naraine
Jan 15, 2008
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Here’s something that may be buried in the crazy Macworld news cycle: Apple has shipped two high-priority (critical) security patches for the QuickTime, iPhone and iPod Touch products.

The QuickTime update covers at least four serious vulnerabilities that put Windows and Mac machines at risk of code execution holes but, inexplicably, there are no fixes for the RTSP bug that was publicly released as a zero-day last week.

Here’s the documentation from Apple:

“* CVE-2008-0031–A memory corruption issue exists in QuickTime’s handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. Affects Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2.* CVE-2008-0032–A memory corruption issue exists in QuickTime’s handling of Macintosh Resource records in movie files. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Affects Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2.* CVE-2008-0033–A memory corruption issue exists in QuickTime’s parsing of Image Descriptor (IDSC) atoms. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Available for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2.* CVE-2008-0036–A buffer overflow may occur while processing a compressed PICT image. Opening a maliciously crafted compressed PICT file may lead to an unexpected application termination or arbitrary code execution. Affects Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2.“

Apple also shipped iPhone v1.1.3 and iPod Touch v1.1.3 to add several new features announced at Macworld and also to address at least three security holes.

The skinny on these vulnerabilities, which affect iPhone v1.0 through v1.1.2 and iPod Touch v1.1 through 1.1.2:

“* CVE-2008-0035–A memory corruption issue exists in Safari’s handling of URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution.* CVE-2008-0034–An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode.* CVE-2007-5858–Visiting a maliciously crafted Web page could trigger a cross-site scripting attack, which may lead to the disclosure of sensitive information.“
Ryan Naraine
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information