Apple Patches QuickTime Security Hole
Apple today issued a software update to plug a security hole in its QuickTime media player software. The flaw is present in both Mac OS X and Windows versions of the player.
Mac users can get the fix through Apple's site or via the built-in Software Update feature. Windows users can download the installer for the new version, or -- if they have a recent version of iTunes or QuickTime installed -- use the bundled Apple Software Update application.
Security researcher Dino Dai Zovi discovered the security hole last month at the CanSecWest security conference in Vancouver, B.C., in response to a challenge wherein attendees were invited to find a previously undocumented way to break into a fully patched MacBook computer over a network. Dai Zovi discovered the flaw after conference organizers relaxed the rules a bit and a $10,000 prize was added to the mix.
Initially, the bug that Dai Zovi found was thought to be a security weakness in Safari, the default Web browser on the Mac. However, later research showed that the problem was with a Java component in QuickTime that could be exploited to break into vulnerable machines just by convincing a Mac user to visit a malicious Web site.
Update: 10:44 a.m. ET, May 2: A previous version of this entry incorrectly stated that Dai Zovi works for Matasano Security. He is no longer with the company. The above post has been changed.
May 1, 2007; 5:22 PM ET
Categories: Latest Warnings , New Patches , Safety Tips
Save & Share: Previous: Building A Web-Based Neighborhood Watch
Next: Scammers Randomly Target Checking Accounts
Posted by: Alam | May 2, 2007 1:54 AM | Report abuse
Posted by: D | May 2, 2007 10:30 AM | Report abuse
Posted by: John | May 2, 2007 12:49 PM | Report abuse
Posted by: Anonymous | May 2, 2007 1:31 PM | Report abuse
Posted by: garyg | May 2, 2007 2:54 PM | Report abuse
Posted by: TJ | May 2, 2007 7:03 PM | Report abuse
Posted by: Master Guru | May 2, 2007 7:11 PM | Report abuse
Posted by: hemphill81 | May 3, 2007 10:57 AM | Report abuse
Posted by: Apple a Day | May 5, 2007 1:46 PM | Report abuse
The comments to this entry are closed.