The patch comes 23 days after the researcher known only as "LMH" posted the flaw and proof-of-concept code as the opening round of his month of bugs.
Apple has patched the QuickTime vulnerability that was featured as the debut flaw in a researcher's ongoing Month of Apple Bugs project, a month-long campaign to spotlight problems in Apple's Mac OS X and applications.
The patch comes 23 days after the researcher known only as "LMH" posted the flaw and proof-of-concept code as the opening round of his month of bugs. The vulnerability is in QuickTime 7's parsing of RTSP (RealTime Streaming Protocol), a protocol used to transmit streaming audio, video, and 3-D animation over the Web. Users duped into clicking on an overlong rtsp:// link could have their PCs or Macs completely compromised, possibly automatically as soon as their browser reaches the site.
Apple's update adds validation of RTSP URLs, the Cupertino, Calif., computer and software maker said in the online advisory that accompanied the patch.
A day after LMH unveiled the QuickTime flaw, a Mac developer posted his own patch as part of a response to the bug-a-day project. Landon Fuller, who works on the DarwinPorts project, said he stepped in as "part brain exercise, part public service." So far, he and other researchers have published fixes for 20 of the 23 bugs listed on the Month of Apple Bugs site.
Earlier this month, Apple declined to confirm any of the Month of Apple Bugs vulnerabilities and only issued a standard statement saying, "Apple takes security very seriously and has a great track record of addressing potential vulnerabilities before they can affect users. We always welcome feedback on how to improve security on the Mac."
The patches for QuickTime 7.1.3 for Mac OS X 10.4 (Tiger) and 10.3 (Panther) are available as separate downloads, but the Windows fix -- that edition of the media player also is flawed -- requires the use of Software Update, an optional component of the combined Windows QuickTime/iTunes download.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.