Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Apple patches QuickTime, iPhone
Published: 2008-01-15

Apple released two software updates on Tuesday to close serious security holes in the company's QuickTime media player and iPhone software.

The fixes -- which arrived on the same day that CEO Steve Jobs took the stage in San Francisco to unveil an ultra-thin laptop -- closed at least seven vulnerabilities in Apple's software. The four issues in the company's QuickTime media player all involved flaws in the way the software handled movie files or PICT images and could allow an attacker the ability to crash the program or execute code on the target's computer. The vulnerabilities affected both the Windows version and the Mac OS X version of the software, according to the Apple's advisory.

The iPhone update, which also adds location-finding and movie rental features, closed security holes in the device's passcode locking function and in the phone's Safari browser, according to Apple's advisory.

Security researchers have increasingly focused on finding vulnerabilities in both the QuickTime media player and Apple's iPhone. In 2007, the consumer technology company fixed at least 34 vulnerabilities in QuickTime. Media players, browsers and other common client-side applications have increasingly become a favorite target of online attackers as operating systems have become more difficult to exploit. After the release of the popular iPhone in June, hackers and security researcher found a handful of flaws in the device.

The latest patches update the QuickTime media player to version 7.4 and the iPhone to version 1.1.3. The media player can be upgraded from the application's menu or from Apple's software download site, while the iPhone update should be downloaded through management interface available via iTunes.

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:


Privacy Statement
Copyright 2009, SecurityFocus