Article

Apple fixes multiple QuickTime flaws

Bill Brenner, Senior News Writer

Apple Computer Inc. has fixed a variety of QuickTime flaws attackers could exploit to cause a denial of service or launch malicious code.

The security holes affect Mac OS X and Windows platforms where the media player is running.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

Apple has released an updated version of QuickTime, 7.0.4, to fix the problems.

According to the Cupertino, Calif.-based company:

The first problem is that a maliciously-crafted QTIF image could be used to launch malicious code. "By carefully crafting a corrupt QTIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of GIF images."

The second problem is that viewing a maliciously-crafted TGA image could be used to launch malicious code. "By carefully crafting a corrupt TGA image, an attacker can trigger a buffer overflow, integer overflow, or integer underflow that may result in a denial of service or arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of TGA images."

The third problem is that viewing a maliciously-crafted TIFF image could be used to launch malicious code. "By carefully crafting a corrupt TIFF image, an attacker can trigger an integer overflow that may result in a denial of service or arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of TIFF images."

The fourth problem is that a maliciously-crafted GIF image could be used to launch malicious code. "By carefully crafting a corrupt GIF image, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of GIF images."

The fifth problem is that a maliciously-crafted media file could be used to launch malicious code. "By carefully crafting a corrupt media file, an attacker can trigger a heap buffer overflow that may result in arbitrary code execution," Apple said. "This update addresses the issue by performing additional validation of media files."