“An Italian security researcher has posted a proof-of-concept exploit for a zero-day vulnerability in the most current version of Apple’s QuickTime media software (7.3.1),” Thomas Claburn reports for InformationWeek.
“Luigi Auriemma, noted among other things for discovering a vulnerability in the Unreal Engine in 2004, on Thursday posted details about producing a buffer overflow error in QuickTime. Buffer overflows can often be exploited by attackers to compromise the affected system,” Claburn reports.
“‘The bug is a buffer-overflow and the return address can be fully overwritten so a malicious attacker could use it for executing malicious code on the victim,’ Auriemma said in an e-mail. The vulnerability affects both Windows and Mac OS X versions of Apple’s QuickTime software,” Claburn reports.
Full article here.
[Thanks to MacDailyNews Reader “RadDoc” for the heads up.]