Skip to main content

Apple iTunes QuickTime players loopholes

A heap overflow vulnerability in Apple Computer iTunes and QuickTime media players is triggered when playing a specially crafted .mov file will cause the heap overflow. This warning was released by Tom Ferris of #.

Ferris said he flagged the issue to Apple more than a month ago but only received a cursory confirmation that the bug was being investigated. As per policy, Apple does not comment on security issues until a patch is available.

Download and play these proof-of-concept [.mov files] to trigger the crash, showing the control of memory.

Crash QuickTime Player
Crash Apply iTunes and QuickTime Player

Security alerts aggregator Secunia Inc. has slapped a "moderately critical" rating on the vulnerability and warned iTunes and QuickTime users to avoid opening ".mov" files from untrusted sources.

The Ferris discovery is not the first QuickTime/iTunes bug that remains unpatched. eEye Digital Security, a research outfit based in Aliso Viejo, Calif., lists three high-risk Apple flaws on its upcoming advisories Web page. [via]