Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Security

Submission + - Major QuickTime Vulnerability in Latest Version (beskerming.com)

SkiifGeek writes: "Less than a month after news of active OS X fake codec malware, a major vulnerability in the latest version of QuickTime (7.3, only released two weeks ago) has been discovered and has already gone from proof-of-concept exploit code to two readily available exploit samples.

With the ease by which this exploit can be integrated with media streams, it marks a greater threat for end users than a fake codec. At this stage, about the best mitigation recommended is to disable support for RTSP via the File Type / Advanced -> MIME Settings option in QuickTime's Control Panel / PreferencePane. Even though the exploit is only for Windows systems (including Vista — QuickTime apparently doesn't utilise ASLR), OS X users could be at threat from related problems, given historical RTSP vulnerabilities."

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Major QuickTime Vulnerability in Latest Version

Comments Filter:

Nothing motivates a man more than to see his boss put in an honest day's work.

Working...