Apple fixes media server flaws
Pair of flaws in Darwin Streaming Server could let a remote attacker commandeer the system running the application or cause it to crash.
Apple on Thursday released an update to the Darwin Streaming Server software to fix a pair of serious security flaws.
Darwin Streaming Server is the open source version of Apple's QuickTime Streaming Server that lets people send streaming media to computers via the Internet using standard RTP and RTSP protocols.
The vulnerabilities in the software could let a remote attacker commandeer the system running the application or cause it to crash, Apple said in a security alert. To do that, an attacker would have to send a rigged request to a server running the media streaming program, it said.
Darwin Streaming Server release 5.5.5 addresses the security issues and is available on Apple's Web site.