Apple Update Patches QuickTime
Apple's QuickTime for Windows player contains a security flaw that puts users at risk of computer hijack, the computer maker said in an advisory. Apple's monthly security update for October includes a fix for the QuickTime vulnerability, which researchers say could lead to buffer overflow attacks in HTML environments.
Source: Internet NewsAccording to the advisory, an attacker could execute arbitrary code on a user's system via specially crafted HTML documents. "A sign extension of an overflowed small integer can result in a very large number being passed to a memory move function. The fix prevents the small integer from overflowing," Apple said, noting that this bug only affects Windows systems. A separate heap buffer overflow was also patched to correct the way the player handles the decoding of BMP images. This flaw affects Mac OS X users and was previously fixed in Apple's September security update. Research firm Secunia rates the QuickTime issue as "highly critical" and urged users to update to version 6.5.2.
0