11:05 A serious vulnerability in quicktime | |
The Danish company Secunia, which specializes in computer security, has revealed a serious flaw in a certain player from Apple QuickTime for Windows. Secunia reports that the vulnerability could be used fraudulently redirecting the user to a malicious Web page. According to a report by the Danish, the lack of a process of registration errors QuickTime streaming debugging can be used to invoke a buffer overflow. This happens when a program writes data beyond the boundaries of its allocated memory area. Buffer overflow is a serious threat to computer security, because in most cases, an overflow can insert arbitrary code into memory for later execution. To use this vulnerability QuickTime, hacker code execution on the user starts a Web-page that refers to a specially crafted file SMIL, contains a long URL. SMIL - a markup language based on XML, used to describe the layout timing, placement, animation, visual changes and many other aspects of multimedia objects. This kind of attacks carried out on the web, is known to download and transfer data goes unnoticed by the user when harmless action (such as clicking an attempt to "cross" to close the banner not only leads to the closing of banner, but downloading malware). The developers of malicious software on a regular basis trying to infect your trusted Web sites your banners and other content that are intended for use this vulnerability in unpatched versions of popular software (Adobe Reader, Adobe Flash Player, Java Runtime, ActiveX). QuickTime - a valuable target for cybercriminals, because the player is set to a very large number of computers around the world. Almost all people who own iPod, iPhone and iPad, use iTunes, but iTunes requires QuickTime for audio and video playback. The vulnerability is working on a fresh version of the player QuickTime 7.6.6 (1671), but it is possible that older versions are also subject to vulnerabilities. The very vulnerability was found by a Polish researcher Christian Kloskovski (Krystian Kloskowski), who in May found a similar vulnerability in the browser Safari. Patch or workaround yet, but Apple has so far not responded to a report Secunia. More from this vulnerability is available here. | |
|
Total comments: 0 | |