Tuesday, January 23, 2007

Security Update 2007-001

A new QuickTime security update was released today for Tiger (OS X 10.4) and Panther (OS X 10.3). The update can be obtained via Software Update or through Apple Downloads.

Description: A buffer overflow exists in QuickTime's handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.

Security Update 2007-001 (Universal) (4.9 MB)
Security Update 2007-001 (Panther) (2.4 MB)
