QuickTime Flaw Kicks Off Month of Apple Bugs


A previously undocumented flaw in Apple's QuickTime media player could be exploited remotely by attackers to install malicious software on computers running either the Windows or Mac OS X operating systems, according to the inaugural posting by the Month of Apple Bugs project, a month long effort that promises to feature a newly described security hole in Apple's software each day for all of January.

The advisory on the MoAB page states that the vulnerability stems from the way QuickTime implements a media streaming communications standard known as the "real time streaming protocol," or RTSP for short. By convincing an unsuspecting user to click on a specially crafted, very long hyperlink that begins with "rtsp://", and an attacker could install unwanted software on the victim's computer. Security Fix - Brian Krebs on Computer and Internet Security - (washingtonpost.com)

Linked by shanmuga Monday, 1st January 2007 9:56PM