Apple releases Mac OS X Security Update 2007-001

Apple today released Security Update 2007-001 (Universal) and Security Update 2007-001 (Panther), which are recommended for all users and improve QuickTime security.

CVE-ID: CVE-2007-0015

Available for: QuickTime 7.1.3 on Mac OS X v10.3.9, Mac OS X Server v10.3.9, Mac OS X v10.4.8, Mac OS X Server v10.4.8, Windows XP/2000

Impact: Visiting malicious websites may lead to arbitrary code execution

Description: A buffer overflow exists in QuickTime’s handling of RTSP URLs. By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution. A QTL file that triggers this issue has been published on the Month of Apple Bugs web site (MOAB-01-01-2007). This update addresses the issue by performing additional validation of RTSP URLs.

Security Update 2007-001 is available via Software Update and also as standalone installers:

Security Update 2007-001 (Universal) 4.9MB
Security Update 2007-001 (Panther) 2.4MB

More info: http://docs.info.apple.com/article.html?artnum=304989

23 Comments

  1. Just an example of how Apple takes responsibility for OS X security as opposed to Microsiv leaving it to third parties to try filling the myriad security holes in Windows.

    The only problem for Microsiv now is, if they were to somehow create a secure version of Windows (I know, I know), the European Union would sue them for anti-competitive practices and force them to add in more security holes to keep the third party security companies happy.

  2. Shouldn’t that be Microsieve?

    OSX will be safe, even when 80% of users have switched. Because it will still be more profitable for hackers to go after the 15% still stuck on Windows.


  3. “Just an example of how Apple takes responsibility for OS X security as opposed to Microsiv leaving it to third parties to try filling the myriad security holes in Windows.”

    Except that Microsoft releases security updates each month too.

    “Thank you, Sir. May I have another. OS X is going to be more than bullet proof.”

    Sure, bend over, here it comes. You get a patch that patches a bunch of security holes, and Apple releases such a patch every month or so, and you still think OS X is bulletproof? What planet are you on?

    “the faster we can get the holes patched.”

    You seem to think this is a process that ends somewhere. Guess what: Every month will bring up new vulnerabilities in Windows, OS X and Linux. If you look at Unix’s record, it’s been being security patched for 40 years, no end in sight.

  4. “Because it will still be more profitable for hackers to go after the 15% still stuck on Windows.”

    Macaday, that was hysterical! And probably true.

    Unfortunately, once 80% have switched, Ballmer will spontaneously explode rendering the NW U.S. uninhabitable for decades. MS has been hoarding towels in anticipation of the massive clean-up the EPA will demand.

  5. Ok, let me get this straight. Because UNIX has been patched for 40 years, it’s no good? Excuse moi? What the heck are UNIX derivatives being used in secure environments for, then? Why are LINUX boxes relied upon so much for web servers and other high-traffic applications? You are saying that the quantity and the severity of bugs being patched in *nix vs. OS X vs. Windows are exactly the same? Stunning falsity. Absolutely stunning.

  6. “Sure, bend over, here it comes. You get a patch that patches a bunch of security holes, and Apple releases such a patch every month or so, and you still think OS X is bulletproof? What planet are you on?”

    I am on a planet where there is a certain computing population that has never had a virus or vulnerability exploited.

    Mac OS X was released to the general public on March 24, 2001. Since its release…….ZERO……ZERO……ZERO…I SAY AGAIN….ZERO viruses affecting users in the wild.

    Please shut your pie hole and speak only when you can point me to some kind of widespread security issue actually affecting users.

    Bye…Take Care

  7. All I know is that I’ve been using Mac OS X for 4 years now and have never encountered a single virus or piece of malware that has impacted my system. Nobody running any variant of Windows can say that.

  8. “Ok, let me get this straight. Because UNIX has been patched for 40 years, it’s no good? Excuse moi? What the heck are UNIX derivatives being used in secure environments for, then? Why are LINUX boxes relied upon so much for web servers and other high-traffic applications? You are saying that the quantity and the severity of bugs being patched in *nix vs. OS X vs. Windows are exactly the same? Stunning falsity. Absolutely stunning.”

    No, I’m saying that anyone who thinks that OS X is invulnerable against even a modestly determined hacker has shit for brains.

    From the quality of your posts in general, it’s clear that you personally have shit for brains.

    “You are saying that the quantity and the severity of bugs being patched in *nix vs. OS X vs. Windows are exactly the same? Stunning falsity. Absolutely stunning.”

    Yes, severe bugs which allow full control of the system pop up in all operating systems on a regular basis.

    My main point was that in 40 years of Unix development nobody has yet been able to eliminate the bugs, nor in 10 years of modern Windows development.

    So anyone searching for the “Bug Free OS” or “Invulnerable OS” is on a fool’s errand. Despite buffer overflow attacks as a class having been known for two decades, they still occur in code today, for both Unix and Windows.

    Both Mac OS X and Windows now have features to try to help work around such coding problems, which brings us to some key principles. Assume your OS is vulnerable. Assume programmers will mess up. Assume you will be attacked before your OS is patched. Layer your defenses. Build in features to make it harder to exploit coding problems. Build in features to detect and repel intrusions and to minimize the chance of damage if this happens. Vista is a big step up on OS X in this regard.

    “never encountered a single virus or piece of malware that has impacted my system. Nobody running any variant of Windows can say that.”

    I can say that. There’s a difference between an exploit existing and it affecting you.

    Many viruses rely on faulty or lazy or ignorant meatware to execute. And the meatware is the same between OS X and Windows.

    Antivirus signatures are usually updated the day after any attack begins, so immunity spreads very quickly. Much more quickly than an OS can be patched.

    There have been many exploits for the Mac which would have been big news on Windows systems, but on a Mac the problem (for a virus writer) is that the chances of an infected Mac finding another Mac to infect among the sea of Windows PCs out there are minimal.
