All hail our QuickTime overlords. Apple’s gone ahead and released the long-awaited blockbuster adaptation of QuickTime 7.4.1. You’ve been awaiting it, haven’t you? Right?
Well, perhaps you’d like to know what 7.4.1 brings to the table, hmm? Glad you asked. Survey says: one security fix. And if you guessed it had something to do with RTSP, well, you’re a winner (no matter what that girl who turned you down for the high school prom says). Here’re the details, straight from Cupertino:
CVE-ID: CVE-2008-0234Wowza. We’re presuming this fixes the problem we reported back in January, but we’d hope that this update would also provide some measure of relief to After Effects users. Let us know if you’re one of the affected and this does anything for you.Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
Impact: Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime’s handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
As that description leads you to believe, we’ve got more flavors of 7.4.1 than Bernie Bott’s Everyflavor Beans: there’s Leopard, Tiger, Panther, and everybody’s favorite cat, Windows. They all fix the same thing, so give the appropriate version a whirl.
[hat tip: Dan K.]
oh good! i can start visiting malicious website again!
I think you mean Bertie Bott's Every Flavor Beans.
Sorry, I'm a big-time Harry Potter fan. Couldn't resist.