Apple Plugs QuickTime Malware Installation Hole
Ryan Naraine writes on eWeek:
The company acknowledges the bug could lead to drive-by malware installations on Windows and Mac machines.More here.
Apple has issued a patch for a high-profile vulnerability in its flagship QuickTime media player, acknowledging that the bug could lead to drive-by malware installations on Windows and Mac machines.
With QuickTime 7.4.1, the company provides cover for a heap buffer overflow in QuickTime's handling of HTTP responses when RTSP (Real Time Streaming Protocol) tunneling is enabled.
Apple warned that malicious hackers could use booby-trapped Web pages to "cause an unexpected application termination or arbitrary code execution."