A security hole in Apple’s QuickTime media player
could put users at risk of buffer overflow attacks, the computer maker
warned in an advisory.
Apple released a fix for the QuickTime issue along with patches for
seven other flaws in Mac OS X that could lead to security bypass,
exposure of sensitive information, denial-of-service attacks and system
compromise.
According to the advisory, the QuickTime flaws were detected in the way
the media player decodes BMP images. A successful attacker could overwrite
heap memory, potentially allowing the execution of arbitrary code hidden
in an image.
Independent research firm Secunia rates the Mac OS X vulnerabilities
as “highly critical.”
The mega patch also plugs a hole in the operating system’s AFP Server, which
can be exploited by guest users to disconnect AFP volumes by
sending specially crafted SessionDestroy packets.
Apple said it also found a vulnerability in CUPS and warned that an
attacker could trigger DoS attacks or steal users’ passwords from log files.
The company also released patches for a security issue in the NetInfo
Manager utility that may incorrectly indicate that the root account is
disabled. Apple also corrected a security issue in Postfix with
“SMTPD AUTH” enabled.