Researchers discover security flaw in QuickTime

Jim Dalrymple
19 September, 2008
View more articles fromthe author
AAA
News

Researchers at Intego have discovered a bug in Apple’s recently released QuickTime 7.5.5 media software that could be used as a way to launch malicious attacks on unsuspecting users.

According to Intego, the problem is with the ‘quicktime type’ tag and its inability to handle longs strings. Researchers say any application that uses QuickTime is susceptible to the flaw. This includes applications like iTunes, Safari, Firefox, or Mail, which displays media inline. Even Quick Look, Apple’s Finder preview feature, is at risk.

The flaw can be executed remotely or locally, according to researchers. Files containing the strings will only cause the affected application to crash, for now. However, malicious code could be added to those files in the future.

There don’t appear to be any malicious files in the wild yet. Intego said they will continue to watch the bug to see if someone attempts to use it.

Leave a Comment

Please keep your comments friendly on the topic.

Contact us