Slim Down for Summer with That's Fit

Another zero-day exploit for QuickTime

Posted Jan 11th 2008 12:00PM by Michael Rose
Filed under: Security

US-CERT and Information Week are reporting a new vulnerability in QuickTime's handling of RTSP streams, which has been demonstrated to crash QuickTime Player on Windows and may also affect the Mac version. See the writeup by researcher Luigi Auriemma, who first announced the flaw.

Unlike the RTSP bug patched in QuickTime 7.3.1 last month, this vector works by overflowing an HTTP error buffer sent when the RTSP port 554 is closed on the malicious server, and the QuickTime client tries to switch to port 80. Sneaky.

Since we're almost certain to see iTunes 7.6 and possibly QuickTime 7.3.2 at Macworld anyway, expect another rev of QuickTime to close this hole after those versions ship -- since Apple wasn't notified in advance of this hole, it's unlikely to be caught in the pending updates, as commenter Nicholas points out (unless Apple found the vector independently).

Tags: quicktime, rtsp, security, tweet-this

  • Read
  • Permalink
  • Email this
  • Comments [7]

Related Headlines

Reader Comments (Page 1 of 1)

TUAW Features

back-to-school
Mac 101 ask-tuaw
Mac News
WWDC (251)
.Mac (65)
Accessories (651)
Airport (75)
Analysis / Opinion (1402)
Apple (1695)
Apple Corporate (573)
Apple Financial (197)
Apple History (51)
Apple Professional (54)
Apple TV (164)
Audio (450)
Bad Apple (130)
Beta Beat (155)
Blogging (87)
Bluetooth (18)
Bugs/Recalls (56)
Cult of Mac (879)
Deals (224)
Desktops (116)
Developer (277)
Education (109)
eMac (10)
Enterprise (146)
Features (411)
Freeware (397)
Gaming (390)
Graphic Design (37)
Hardware (1302)
Holidays (37)
Humor (586)
iBook (66)
iLife (240)
iMac (185)
Internet (339)
Internet Tools (1337)
iTS (981)
iTunes (823)
iWork (23)
Leopard (375)
Mac mini (112)
Mac Pro (54)
MacBook (206)
MacBook Air (82)
Macbook Pro (225)
MobileMe (47)
Multimedia (457)
Odds and ends (1481)
Open Source (281)
OS (937)
Peripherals (214)
Podcasting (183)
Podcasts (94)
Portables (198)
PowerBook (136)
PowerMac G5 (51)
Retail (610)
Retro Mac (50)
Rig of the Week (42)
Rumors (640)
Software (4442)
Software Update (425)
Steve Jobs (254)
Stocking Stuffers (50)
Surveys and Polls (97)
Switchers (114)
The Woz (35)
TUAW Business (256)
Universal Binary (281)
UNIX / BSD (61)
Video (907)
Weekend Review (84)
WIN Business (47)
Wireless (87)
Xserve (39)
iPhone/iPod News
iPhone (1755)
iPod Family (2109)
App Store (144)
SDK (27)
Mac Events
One More Thing (27)
Liveblog (2)
Other Events (226)
Macworld (489)
Mac Learning
AppleScript (4)
Ask TUAW (106)
Blogs (85)
Books (26)
Books and Blogs (62)
Cool tools (449)
Hacks (471)
How-tos (490)
Interviews (44)
Mods (190)
Productivity (591)
Reviews (114)
Security (166)
Terminal Tips (64)
Tips and tricks (574)
Troubleshooting (171)
TUAW Features
iPhone 101 (36)
TUAW Labs (4)
Blast From the Past (19)
TUAW Tips (150)
Flickr Find (38)
Found Footage (90)
Mac 101 (109)
TUAW Interview (31)
Widget Watch (198)
The Daily Best (1)
TUAW Faceoff (6)

RESOURCES

RSS NEWSFEEDS

Powered by Blogsmith

Sponsored Links

The Unofficial Apple Weblog (TUAW) bloggers (30 days)

#BloggerPostsCmts
1Robert Palmer4942
2Cory Bohon461
3Steven Sande3913
4Erica Sadun251
5Scott McNulty242
6Mike Schramm230
7Giles Turnbull220
8Michael Rose2125
9Mat Lu1910
10Christina Warren1735
11Dave Caolo170
12Brett Terpstra110
13TUAW Blogger60
14Victor Agreda, Jr.26
15Jason Clarke11

Featured Galleries

Macworld 2008 Keynote
Macworld 2008 Build-up
Apple Vanity Plates
DiscPainter
Crash Bandicoot Nitro Kart 3D
Macworld Expo 2007 show floor
Apple Texas Hold 'Em
The Macworld Faithful in Line
iPhone First Look

 

    Most Commented On (7 days)

    Recent Comments

    More Apple Analysis

    More from AOL Money and Finance

    Weblogs, Inc. Network

    Other Weblogs Inc. Network blogs you might be interested in:

    Joystiq
    Download Squad
    The Unofficial Apple Weblog (TUAW)
    BloggingStocks
    Xbox 360 Fanboy
    Autoblog
    Big Download Blog
    Fanhouse Backporch