21 gennaio 2009

Sucurity Focus (http://www.securityfocus.com) riporta una collezione di bug scoperti in Apple QuickTime che esporrebbero ad attacchi di tipo heap-based buffer-overflow e memory-corruption.
Per maggiori info, leggere i seguenti bollettini:

Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow Vulnerability (http://www.securityfocus.com/bid/33388/info)

Apple QuickTime AVI Movie Remote Buffer Overflow Vulnerability (http://www.securityfocus.com/bid/33387/info)

Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow Vulnerability (http://www.securityfocus.com/bid/33390/info)

Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability (http://www.securityfocus.com/bid/33384/info)

Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption Vulnerability (http://www.securityfocus.com/bid/33393/info)

Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow Vulnerability (http://www.securityfocus.com/bid/33389/info)

Apple QuickTime H.263 Encoded Movie Remote Memory Corruption Vulnerability (http://www.securityfocus.com/bid/33386/info)

Apple QuickTime RTSP URL Remote Heap Buffer Overflow Vulnerability (http://www.securityfocus.com/bid/33385/info)


Fonte: SecurityFocus (http://www.securityfocus.com)

ripreso da secunia:

Apple QuickTime MPEG-2 Playback Component Input Validation Vulnerability (http://secunia.com/advisories/33642/)

Apple QuickTime Multiple Vulnerabilities (http://secunia.com/advisories/33632/)

correlata:

GStreamer Good Plug-ins QuickTime Processing Vulnerabilities (http://secunia.com/advisories/33650/) su secunia

Quicktime rimedia a 7 buchi di sicurezza (http://www.webnews.it/news/leggi/9982/quicktime-rimedia-a-7-buchi-di-sicurezza/) su webnews

Anche gli utenti che usano il Quicktime Alternative sono interessati all'aggiornamento.
La versione è la 280.