Apple Fixes QuickTime Security Vulnerability – But NOT for Windows!

 
The Month of Apple Bugs website’s first vulnerability posting was "Apple Quicktime rtsp URL Handler Stack-based Buffer Overflow" — an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition.
SOLUTION AT THAT TIME: "The only potential workaround would be to disable the rtsp:// URL handler, uninstalling Quicktime or simply live with the feeling of being a potential target for pwnage."
Secunia recently tested Apple’s QuickTime 7.1.3 update and found that the fix was only implemented in the Macintosh version of QuickTime and NOT the version relased for Microsoft Windows (even though Apple’s version numbers and patches are identical)
YOUR SOLUTION TODAY?: Disable QuickTime’s rtsp:// URL handler
    1. From the Windows Control Panel, <Double-Click> QuickTime
    2. <Click> on the Files Types Tab
    3. <Click> Streaming – Streaming Movies
    4. <Uncheck Box> RSTP stream descriptor
    5. <Click> OK
    6. Wait until Apple Fixes the problem

About blakehandler

BLAKE was a Microsoft MVP and award winning programmer with over 20+ years experience providing complete Windows and networking support for small to medium sized businesses. BLAKE is also Jazz Musician and Instructor for residential clients on the Los Angeles West Side.
This entry was posted in Important Updates!. Bookmark the permalink.

1 Response to Apple Fixes QuickTime Security Vulnerability – But NOT for Windows!

  1. Kurt says:

    Wow.  Interesting.  This is one I didn’t know about.  Forgetting for a moment the whole "Windows/Mac competitive" thing, this looks to actually be a serious security concern for all folks responsible for corporate workstations.
     
    I’m commenting on this on my site.  This is something all desktop IT administrators need to be aware of because this intrusion method should be very, very easy to implement on any random web page or any piece of SPAM. 
     
    Very nice catch, Blake.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s