QuickTime 7 Vulnerability
The Month of Apple Bugs website posted their first vulnerability for this month, and it affects Windows as well. BAM!! KAPOW!! The double whammy. I’m sure the message boards will be heated up: my OS is better than your OS. Can’t we all just get along?
The following description of the software is provided by the vendor (Apple):
QuickTime 7 makes the future of video crystal clear with new features including user-friendly controls and pristine H.264 video. Upgrade to QuickTime 7 Pro and capture your own movies, then share them with friends and family via email or .Mac.
From CNET, "QuickTime zero-day bug threatens Macs, PCs":
The vulnerability affects QuickTime 7.1.3, the latest version of the media player software released in September, on both Apple Mac OS X and Microsoft Windows, according to the Month of the Apple Bugs advisory. Previous versions could also be vulnerable, according to the advisory.
Security-monitoring companies Secunia and the French Security Incidence Response Team, or FrSIRT, rate the QuickTime flaw as “highly critical” and “critical,” respectively. Source: News.com
As usual, this will be more dangerous to Windows users, as most users run under administrator accounts. Apple has not released any info on when a patch could be released.
They released the second vulnerability today; they are promising one a day:
A format string vulnerability exists in the handling of the udp:// URL handler. By supplying a specially crafted string, a remote attacker could cause an arbitrary code execution condition, under the privileges of the user running VLC.
This issue has been successfully exploited in VLC version 0.8.6 for Mac OS X. Previous versions and other platforms might be affected (thanks to David Maynor for confirming the issue in the Microsoft Windows version). Source: VLC Media Player udp:// Format String Vulnerability
The poster with the handle LMH and independent researcher Kevin Finisterre say a positive side effect will, probably, be a more concerned user base and better practices from Apple management. Makes for interesting reading at least, although this QuickTime vulnerability could affect a large percentage of the internet, especially Windows users.
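The format string bug class named in the VLC advisory quoted above, shown in C as an added example (not VLC's code and not taken from the advisory). The names `log_msg`, `log_url_unsafe`, `log_url_safe` and `count_directives` are hypothetical, and the sample URL is constructed.

```c
/* Added illustration; all helper names are hypothetical, not VLC source. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* The format attribute lets GCC/Clang check every caller; built with
   -Wformat -Wformat-security, a non-literal format with no args is flagged. */
__attribute__((format(printf, 3, 4)))
int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

#ifdef SHOW_UNSAFE_PATTERN  /* defect class, not compiled by default */
/* Untrusted text is used AS the format, so printf interprets its directives. */
int log_url_unsafe(char *out, size_t n, const char *url)
{
    return log_msg(out, n, url);
}
#endif

/* Fix: constant format string; the URL is only ever data for %s. */
int log_url_safe(char *out, size_t n, const char *url)
{
    return log_msg(out, n, "opening %s", url);
}

/* Triage helper: count printf-style directives in untrusted text.
   "%%" is a literal percent sign and is not counted. */
int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') s++;   /* skip the escaped percent */
        else count++;
    }
    return count;
}

int main(void)
{
    char line[128];
    const char *url = "udp://%x%x%s";   /* constructed sample input */
    log_url_safe(line, sizeof line, url);
    printf("%s (directives in input: %d)\n", line, count_directives(url));
}
```

With the constant format, the directives in the URL come out verbatim in the log line instead of being interpreted.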