Quicktime Vulnerabilities
The Tipping Point / 3com funded Zero Day Initiative posted a whole batch of Quicktime vulnerabilities yesterday:
While all of them are interesting, the 65 and 68 items stand out to me as the less important ones, as exploitation of the issue requires that a user open a specific file. The more nefarious items in 66 and 67 can be exploited by simply visiting a malicious website that has specially crafted images.
These vulnerabilities are part of what prompted the upgrade to the new Quicktime 7.3 that was released on Monday, and Apple has an updated page with notes about each vulnerability as well as a number of other CVE’s that were outstanding. As of today, Apple doesn’t have any outstanding issues on the ZDI Upcoming Advisories list.
This fall has largely been about image rendering flaws — from iPhone jailbreaks to this, it’s been almost non-stop. ‘Tis the season!
Loading...