Threat Center Security News Apple Security Patch Fixes QuickTime
Apple Security Patch Fixes QuickTime Print E-mail
Written by Rebecca Mints   
Wednesday, 02 April 2008 18:00

11 vulnerabilities were addressed in the security patch released by Apple this week. Out of the 11, nine of the vulnerabilities may have allowed for execution of malicious code on an unsuspecting user's machine. Both Mac OS X and Windows versions were affected by eight of the vulnerabilities, and three of them affect Windows Vista and XP SP 2 only.


Carefully crafted movie files are the method of attack used to exploit some of the flaws. These come in the form of e-mails with links to malicious files. This new patch comes shortly after the contest held in Vancouver by TippingPoint Technologies, where a MacBook Air laptop was the first machine to be hacked using a zero-day vulnerability. A flaw in Apple's Safari 3.1 Web browser was exploited. The flaw has been disclosed to Apple and no other information will be let out until the flaw is fixed.


While it's not certain that the Safari vulnerability is related to QuickTime, Apple has given credit to TippingPoint for discovering six of the QuickTime flaws it addressed in the new patch.


Because QuickTime is such a widely used application it's a favorite target of hackers, and with Apple sales continuing to grow it's likely to be targeted even more frequently. During all of last year Apple released 34 QuickTime vulnerabilities. In 2006 they addressed 28 flaws. In 2008 Apple has released 16 patches thus far.


REFERENCES:
InformationWeek
Apple Issues QuickTime Security Fix
 

WTW Threat Level