Slashdot Mirror


Security Updates, Notices for Mac OS X

Myrrh writes "eEye reports they discovered a heap overflow in QuickTime 6.5, which 'allows a remote attacker to reliably overwrite heap memory with user-controlled data and execute arbitrary code.' Now's a swell time to visit Apple and download the updates for both programs." Also, Apple today released Security Update 2004-05-03, which includes updates for AFP Server, CoreFoundation, and IPSec, and is, like the QuickTime 6.5.1 update, available via Software Update.

2 of 74 comments

  1. Who finds these security holes? by amichalo · Score: 4, Interesting

    Mod this a -1 STUPID but who finds most of these security flaws?

    No matter if it's OS X, Windows, or Linux, there are always these security fixes popping up. I assume there is a QA team that is working on this stuff but unless there is a vulnerability that manifests itself in the form of a virus or hacked system, who finds these things and why were they looking in the first place?

    --
    I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
  2. Re:Windows version, not Mac OS. by prockcore · Score: 4, Interesting

    The heap overflow vulnerability mentioned here only applies to the Windows version of the Quicktime player, not the Mac OS version.

    Actually, that's a completely separate vulnerability. The one talked about here is the one discovered by eEye and not the one discovered by iDefense.

    This is not surprising; just 1 month ago I mentioned that QuickTime was vulnerable to buffer overflows left and right because there is absolutely no input validation done. I was flamed for saying that, but here we have 3 different buffer overflows patched all at once.