Thursday, February 7, 2008

Apple Fixes QuickTime Bug

Via InformationWeek -

Apple on Thursday released an updated version of its QuickTime media software for Mac OS X and Windows that addresses a security vulnerability and restores compatibility with a third-party video program.

QuickTime 7.4.1 addresses a flaw in the way earlier versions of QuickTime handled the Real-Time Streaming Protocol. "A heap buffer overflow exists in QuickTime's handling of HTTP responses when RTSP tunneling is enabled," Apple explained in its security bulletin. "By enticing a user to visit a maliciously crafted Web page, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking."

Apple fixed a previous RTSP buffer overflow bug (CVE-2007-6166) with the release of QuickTime 7.3.1 on Dec. 13.

The RTSP vulnerability was reported on Jan. 10 by Italian security researcher Luigi Auriemma. On Jan. 15, Apple released security fixes for its iPod Touch, iPhone, and QuickTime, but the RTSP bug wasn't addressed. The QuickTime 7.4 release, however, caused problems for users of Adobe (NSDQ: ADBE)'s professional video graphics program After Effects.

----------------------------------

Three days short of a month of exposure.....

I totally removed iTunes and started to use Winamp to manage my iPod.
