Thursday February 7, 2008. 01:32 AM
TidBITS
Apple has released QuickTime 7.4.1, a critical security update all users should apply immediately. It is available via Software Update and as a direct download for Leopard, Tiger, Panther, and Windows systems.
This update patches a month-old zero-day vulnerability in the QuickTime streaming protocol (RTSP) that could allow an attacker to take over your computer if you visit a malicious Web site or receive an email with a malicious link. In security parlance, we call this "remote execution of arbitrary code," using a vulnerability for which no patch exists (the "zero-day" part). This is similar to a previous vulnerability in RTSP that Apple patched in the QuickTime 7.3.1 update (see "QuickTime 7.3.1 Fixes RTSP Vulnerability," 2007-12-14).
As usual, the release notes are a sparse "addresses security issues and improves compatibility with third-party applications." A separate security note provides more details, but the release notes on the download page don't even reference the security information, although it does appear on the security updates page.
Since this vulnerability has been in the wild with sample exploits for nearly a month, it is absolutely critical to apply the patch as quickly as possible.
Copyright © 2008 Rich Mogull. TidBITS is copyright © 2008 TidBITS Publishing Inc.
...