And in the category of Most Vulnerable Apple Software Package, the winner is…QuickTime. It was a mere two days ago that a hole in QuickTime’s handling of RTSP headers was announced, and now we have more detail on the problem. It has now been confirmed that the vulnerability affects both Windows and OS X (that’s Tiger and Leopard, PowerPC and Intel). Oh, joy.
The exploit is laid out in staggering detail in a two-part blog post on Subreption, along with a list of mitigating factors that could help blunt this vulnerability were they deployed in OS X. The upshot, though, is that a maliciously crafted QuickTime movie could execute arbitrary code, thanks to a stack-based buffer overflow in the RTSP header handling. That’s computerspeak for “whoopsie.”
It seems likely that Apple is working on a patch, so don’t be surprised if a Security Update appears in your Software Update window sometime in the next few days.
[via The Register]
Wow, this comes at a bad time. Tomorrow I am switching away from Windows, as I'll be heading down to my local Apple store and purchasing a brand spanking new MacBook. I guess I'll just download VLC player and use it instead. I'm so excited that I'm getting a MacBook tomorrow I can hardly sit still.