Vulnerability Discovered in Apple QuickTime
The “Month of Apple Bugs” project is pretty much what it sounds like — a month devoted to finding, proving and publishing the details of exploits in Apple hardware and software. Any coincidence that it’s scheduled for the same month as MacWorld can be chalked up to ironic humor on the part of cheeky hackers.
So far, the biggest story has been the discovery of a buffer-overflow vulnerability that can affect Windows and Macintosh machines running QuickTime 7.1.3. All the attacker has to do is send a bogus call to the RTSP (Real Time Streaming Protocol) URL handler via HTML, JavaScript or through a QuickTime QTL file.
How can you defend yourself? According to LMH and Kevin Finisterre, who discovered the vulnerability, “The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage.”


Or, just download the patches that Landon is posting on his blog.
http://landonf.bikemonkey.org/code/macosx/
For the ultra-paranoid, download the source, and get the APE SDK from Unsanity, and build them yourself.