Via PocketGamer.biz -
A vulnerability within QuickTime 7.5.5 and iTunes 8.0 has been uncovered by security researchers, and given a CVSS Severity rating of 9.3 (high) by the National Vulnerability Database.
The flaw in security is being exploited by malicious code hidden inside embedded MP3 files on web pages and through a long type attribute in a QuickTime tag. According to the VND, the security gap is a "Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 [that] allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code."
So far there's been no response from Apple regarding the bug, though only last week it addressed other bugs in the QuickTime system.
People are also being warned against an email that offers 'Virtual iPhone games!" and sometimes contains the subject line "Apple: The most popular game!". The email attachment (Penguin.Panic.zip) has been confirmed to contain the malware listed as Agent-HNY Trojan, so caution is advised when it comes to Apple related messages and websites for the time being.
--------------------------------------
We are waiting Apple...waiting for a response...to see if you are serious about changing the way you respond to security issues.
There is a released public exploit on the internet, it has been rated as high and affect one of your most widely installed pieces of software...hello?
Does Apple take security serious? Perhaps.
Does Apple take the security of their users serious? Very Unlikely
No comments:
Post a Comment