QuickTime 7.3.1, GarageBand 4.1.1 released
updated 06:40 pm EST, Thu December 13, 2007
QT, GarageBand updated
Apple today issued security updates to its QuickTime 7.3.1 software (Panther, Tiger, Leopard, Windows) for Mac OS X 10.3.9 Panther, 10.4.9 Tiger, 10.5 Leopard, and Windows Vista/XP SP2 that bolsters security. The Cupertino-based company also enhanced its GarageBand audio software. GarageBand 4.1.1 features better overall stability and fixes to issues with file export to iPhone. [updated]
Specific security issues addressed in Apple's latest QuickTime update follow:
Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data. This issue affects Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, and Windows Vista/XP SP2.
Viewing a maliciously crafted QTL file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of QTL files. By enticing a user to view a maliciously crafted QTL file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue affects Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, and Windows Vista/XP SP2
Multiple vulnerabilities in QuickTime's Flash media handler Description: Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs for reporting this issue. This issue affects Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, and Windows Vista/XP SP2
yoh uh golly gee
12/13, 10:34pm reply
Wasn't this the end-of-the-world-most-awful-civilization-ending thing we were just hearing about from some so-called "security" consultants just last week?
Let's see- 2 people were affected (they both work for the security firm) and now the problem is gone.
A better headline would be: APPLE FIXES ALLEGED SECURITY ISSUE QUICKLY, WINDOWS STILL PLAGUED BY HUNDREDS OF FLAWS WITH NO FIX FROM MICROSOFT FORTHCOMING
Doofuses.
robttwo
Fresh-Faced Recruit
Joined: Nov 2005