Wednesday, November 09, 2005

Another Apple QuickTime Flaw Found

Less than three weeks after Apple Computer issued an update to patch four security flaws in its QuickTime media player, a new "critical" problem has been discovered. The unpatched vulnerability could allow remote execution of code, according to an advisory published Monday by eEye Digital Security. It affects various versions of Apple QuickTime running on all types of operating systems, the company said, but did not specify which versions in particular were at risk.

This newly discovered flaw could allow an attacker to execute code remotely while acting as the logged-in user. An intruder could, for example, access and do everything that the user could do on the computer. If the user had administrator rights, the attacker could also access everything that the administrator could.

"The Apple flaw works with their latest version of QuickTime," said Steve Manzuik, eEye product manager. "The only similarity with the earlier flaws is it's in QuickTime."

Apple told CNET News.com that it was not prepared to comment at this time. Manzuik said that on Monday Apple acknowledged receipt of eEye's advisory, but gave no indication of when, or if, it plans to patch the flaw. "It is something they will undoubtedly have to patch," he added.
