Fresh vulnerabilities plague QuickTime, Gmail
A cross-site scripting vulnerability revealed in Google’s Gmail was swiftly patched over the holiday weekend, while the opening salvo in January’s Month of Apple Bugs proves to be significant for both Mac and Windows users.
Apple’s QuickTime software has a highly serious bug that could leave Windows and Mac users open to attacks by malicious Web sites, according to a project aimed at disclosing Apple bugs throughout January.
The QuickTime flaw launches the Month of Apple Bugs (MOAB), which follows on from efforts such as the Month of Kernel Bugs and the Month of Browser Bugs. The bug was discovered by LMH, a MOAB organizer who hasn’t disclosed his name.
The flaw affects any Windows or Mac OS X system with QuickTime Player Version 7.1.3 installed; previous versions are also probably vulnerable. The problem lies in the way QuickTime handles addresses beginning with “rtsp://”, and can be exploited to create a stack-based buffer overflow using HTML, JavaScript or a QTL file, LMH wrote.
www.techworld.com








