Flaws Hit QuickTime, iTunes - WinPlanet Windows Software Reviews

You are in the: Small Business Computing Channel

ť ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet

Power Search | Tips

In-Depth Reviews

Tips & Tutorials

Browsers

Chat / Conferencing

Desktop Utilities

Development

Internet Apps

Multimedia

OS Service Packs

Productivity Tools

Enter a keyword

Newsletters offering Windows news, articles, tips and reviews.

Partners & Affiliates

Small Business Computing

Ecommerce Guide

Webopedia

WinPlanet

WinPlanet / News

Download of the day

• McAfee Total Protection

Most Popular Software Downloads

• Mozilla Firefox

• Microsoft Office 2010

• QuickTime for Windows

• Adobe Reader

• Mozilla Thunderbird

• Winamp

• Microsoft Office 2007 Service Pack

• Google Earth

• Adobe Flash Player

• Windows Vista Service Pack 2 (Vista SP2)

• CCleaner (Crap Cleaner)

Most Popular Software Articles

• Windows Vista Tips: Home Networking Setup Tutorial

• 10 Must-Have Apps: The Free Windows Networking Toolkit

• How to Make Your Internet Connection Faster, Better

Software Reviews

Flaws Hit QuickTime, iTunes
Five Highly Critical Flaws Patched
Sean Michael Kerner

Attention Apple users: Step away from reading about MacWorld, put down your iPods and update your QuickTime software now to prevent a hacker from taking over your system.

There are five highly critical flaws in Apple's QuickTime application that affect both Apple and Windows versions, as well as Apple's popular iTunes application.

The flaws all relate to image-handling issues inside of QuickTime. CVE-2005-2340 is described by security firm Secunia as, "a boundary error in the handling of QTIF images [that] can be exploited to cause a heap-based buffer overflow." Such a buffer overflow could allow an attacker to execute arbitrary code.

CVE-2005-3707, CVE-2005-3708 and CVE-2005-3709 involve the TGA image file format that, when viewed, could also result in arbitrary code execution. CVE-2005-3710 and CVE-2005-3711 are similar flaws but related to the TIFF file format. CVE-2005-3713 affects GIFs.

CVE-2005-4092 is described by Secunia as, "a boundary error in the handling of certain media files [that] can be exploited to cause a heap-based buffer overflow." Again the potential impact is arbitrary code execution when a malicious media file is viewed.

According to Security firm eEye, which claims credit for discovery of a number of the vulnerabilities, QuickTime users aren't the only ones at risk. Users of iTunes are also at risk due to its tight integration with QuickTime and, as such, "all of these security issues are also exploitable via the iTunes software."

"Most IT departments probably saw Apple's security update and thought 'that's a consumer application, I don't have to worry about security policies for that.' Those IT departments would be mistaken," said Marc Maiffret, eEye's co-founder and chief hacking officer in a statement.

"There are few people that have not seen a co-worker with an iPod wandering the halls of their organization and those iPods probably mean iTunes is on your network."

Apple has provided an update for QuickTime that patches all the currently publicly disclosed vulnerabilities.

News courtesy of internetnews.com

January 12, 2006

Download QuickTime for Windows!

View All Video / Multimedia Products

Contents:
1. Five Highly Critical Flaws Patched

Additional Articles:

Apple Readies Next-Gen MPEG-4 Part 10

Apple Patches QuickTime Flaw

Apple Update Patches QuickTime

QuickTime Exploit Greets 'Month of Apple Bugs'

Apple Fixes QuickTime Image Flaws

Apple Aims to Patch Persistent QuickTime Hole

US-CERT Warns of Unpatched QuickTime Flaw

Apple Secures QuickTime

More Trouble for QuickTime

Apple Fixes a Quartet of QuickTime Flaws

Apple's QuickTime Gets Timely Update

Apple Issues Patches for QuickTime

The Network for Technology Professionals

About Internet.com

Legal Notices, Licensing, Permissions, Privacy Policy.
Advertise | Newsletters | E-mail Offers

Whitepapers and eBooks

Microsoft Personalized Whitepapers and Resources for You
Article: Why Migrating from MySQL to SQL Server 2008 Makes Sense
Articles: Build a More Agile Business with IBM
Articles: IBM Offers Enhanced Measurement and Management for Energy Usage
Microsoft Article: Windows 7 Features Your Clients Will Need on Day One

Articles: IBM Helps Transformation to an Information-Based Enterprise
Microsoft Articles: Visual Studio 2010
Adobe Article: Java Developers Finding a Home at Adobe Flex
MORE WHITEPAPERS, EBOOKS, AND ARTICLES

Webcasts

Webcast: Connecting PHP to Microsoft Technologies
Video: Windows Azure Debugging Tips

MORE WEBCASTS, PODCASTS, AND VIDEOS

Downloads and eKits

Ready. Set. Windows 7.
HP PartnerONE | SolutionsINFINITE Visit us at hp.com/partners/us
Microsoft Free Trials: Windows Server 2008 R2, Exchange Server 2010 and Windows 7
Get the Windows 7 SDK

Free Trial: Red Gate SQL Backup Pro 6
Iron Speed Designer Application Generator
MORE DOWNLOADS, EKITS, AND FREE TRIALS

Tutorials and Demos

Learn Unified Communications
BlackBerry Application Development Resources
Learn SQL Server 2008
Learn Windows Server 2008 R2
Internet.com Hot List: Get the Inside Scoop on IT and Developer Products

Learn Forefront
Learn System Center
All About Botnets
Learn SharePoint
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES