Here, Apple discloses that an input validation issue exists in the QuickTime MPEG-2 Playback Component for Windows. An additional such document details the security content of QuickTime MPEG-2 Playback Component, available for Windows Vista, XP SP2 and SP3. The same situation was likely to occur with maliciously crafted QTVR movie files, maliciously crafted AVI and other format movie files, the company reveals in the same support document. This update addresses the issue by performing additional validation of RTSP URLs,” the company explains, crediting Attila Suszter for finding the bug. “Accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution. Impacting Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3, “a heap buffer overflow exists in QuickTime's handling of RTSP URLs,” Apple says. QuickTime 7.6 is available as a free download for all supported platforms, including Mac OS X Leopard and Tiger, plus Windows XP and Vista.Īpple's Support section reveals that QuickTime 7.6 for Leopard and Tiger includes changes that “increase reliability, improve compatibility and enhance security.” A detailed overview of the security content of QuickTime 7.6 reveals that the company has patched quite a number of holes, both on the Mac and Windows sides of the software.įor instance, Apple learned that accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution.
Apple has released a new version of its multimedia framework capable of handling digital video, media clips, sound, text, animation, music, and interactive panoramic images in various formats.
0 kommentar(er)
