The United States Computer Emergency Readiness Team has discovered a new buffer overflow vulnerability in Apple's QuickTime media software.
The vulnerability affects both Mac and Windows operating systems. Because QuickTime is part of Apple's popular iTunes software, iTunes is also affected.
The vulnerability is found in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime crashes at a memory location that can be controlled by an attacker.
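The following C example is added here and is not code from US-CERT, Apple or the original post. It parses an RTSP response status line and rejects a Reason-Phrase that would not fit the destination buffer; the function name, the 64-byte limit and the assumption that the risk is an over-long phrase are illustrative, since the post does not say what makes the phrase "specially crafted".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REASON_MAX 64  /* assumed display limit, not a value from the post */

/* Parse "RTSP/1.0 <3-digit code> <Reason-Phrase>CRLF" (hypothetical helper).
 * Returns 0 on success, -1 on malformed input, and -2 when the Reason-Phrase
 * does not fit in reason[] (rejected rather than copied past the buffer). */
int parse_rtsp_status(const char *line, size_t len, int *code,
                      char *reason, size_t reason_sz)
{
    static const char prefix[] = "RTSP/1.0 ";
    size_t plen = sizeof(prefix) - 1;

    if (!line || !code || !reason || reason_sz == 0) return -1;
    if (len < plen + 4 || memcmp(line, prefix, plen) != 0) return -1;

    const char *p = line + plen;
    if (!isdigit((unsigned char)p[0]) || !isdigit((unsigned char)p[1]) ||
        !isdigit((unsigned char)p[2]) || p[3] != ' ')
        return -1;
    *code = (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
    p += 4;

    /* The phrase ends at CR/LF or at the end of the received bytes. */
    size_t remaining = len - (size_t)(p - line);
    size_t rlen = 0;
    while (rlen < remaining && p[rlen] != '\r' && p[rlen] != '\n') {
        unsigned char c = (unsigned char)p[rlen];
        if (c < 0x20 || c == 0x7f) return -1;  /* strict: no control bytes */
        rlen++;
    }
    if (rlen >= reason_sz) return -2;          /* length checked before copy */
    memcpy(reason, p, rlen);
    reason[rlen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample response line, not captured traffic. */
    const char resp[] = "RTSP/1.0 200 OK\r\n";
    char reason[REASON_MAX]; int code;
    int rc = parse_rtsp_status(resp, sizeof(resp) - 1, &code, reason, sizeof(reason));
    if (rc == 0) printf("%d %s\n", code, reason);
    return rc == 0 ? 0 : 1;
}
```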
US-CERT offers several solutions to the problem, including uninstalling QuickTime, blocking the RTSP protocol and disabling the QuickTime plug-ins in your Web browser.
Attackers targeted QuickTime in December through a separate RTSP vulnerability that Apple later fixed with a software update.