MAC: Hi, I’m a MAC
PC: And I’m a PC…
PC: What’s wrong, MAC? You look a little ill.
MAC: Well, PC, you see, I am not as cool and together as I would like to mislead consumers to think.
Steve, you know, my Dad… well, um, he and his gang have had to stitch me up to fix some problems I have… *mumbling* fourth time this week….
Wouldn’t we all like to see that ad?
It seems that at Apple even the fixes are no fixes: no sooner had they patched up QuickTime and OS X than a new heap overflow vulnerability was discovered. This hole in the coolest OS allows remote code execution and can be used to crash browsers and applications that use the QuickTime plug-in.
According to Intego, the new flaw has collateral effects on all applications in OS X that use the QuickTime plug-in, such as Mail, iTunes, Safari, Firefox, etc. An attacker could simply put a QuickTime media file on their website that would enable them to execute arbitrary malicious code on affected systems.
Proof-of-concept code that could potentially be used with this flaw was presented by a blogger known as “securefrog”.
To make matters worse, this was discovered after Apple released a patch covering some 34 vulnerabilities in OS X 10.5.5, along with additional patches and updates for both QuickTime and iTunes.