QuickTime/iTunes security vulnerability involving .mov files

Secunia reports on the discovery of a vulnerability in Apple QuickTime / iTunes, which can be exploited by malicious people to cause a DoS (Denial of Service), and with an unknown impact.

The report reads:

"The vulnerability is caused due to an error in handling malformed '.mov' files. This can be exploited to cause memory corruption, which causes the program to crash. It has been reported that arbitrary code execution may be possible. However, this has not been confirmed."

Secunia says the vulnerability has been confirmed in Apple QuickTime Player 7.0.3 and iTunes 6.0.1.3, though other versions may also be affected. The solution is to "not open '.mov' files from untrusted sources."

Feedback? Late-breakers@macfixit.com.

Resources