A security hole in Apple's
QuickTime media player
could put users at risk of buffer overflow attacks, the computer maker
warned in an advisory.
Apple released a fix for the QuickTime issue along with patches for seven other flaws in the Mac OS X that could lead to security bypass, exposure of sensitive information, Denial-of-Service attacks and system compromise.
According to the advisory, the QuickTime flaws were detected in the way the media player decodes BMP image types. A successful attacker could overwrite heap memory and potentially allow the execution of arbitrary code hidden in an image.
Independent research firm Secunia rates the Mac OS X vulnerabilities as "highly critical."https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
The mega patch also plugs a hole in the operating system's AFP Server, which can be exploited by guest users to disconnect AFP volumes by sending specially crafted SessionDestroy packets.
Apple said it also found a vulnerability in CUPS and warned that an attacker could trigger DoS attacks or steal users' passwords from log files.
The company also released patches for a security issue in the NetInfo Manager utility that may result in an incorrect indication of the root account being disabled. Apple also corrected a security issue in postfix with "SMTPD AUTH" enabled.