SonicWALL, Inc. a leading secure network infrastructure company, announced today that it has distributed defensive measures to users of its Unified Threat Management (UTM) technology against exploits of a zero-day vulnerability found within Apple's QuickTime media player. SonicWALL first issued signatures designed to protect its subscribers against this critical vulnerability on Tuesday, November 27.
A zero-day stack-based buffer overflow vulnerability in QuickTime, an audio/video application developed by Apple Computer, is currently being exploited by a malicious web site claiming to host a legitimate QuickTime movie. Using a newly published proof-of-concept exploit code, control of the visitor's machine can be taken over.
The problem lies within the 'Content-Type' header field sent by the server, which is not properly checked by the visitor's QuickTime application. When the length of the 'Content-Type' field exceeds a certain length, a Buffer Overflow condition occurs. By carefully constructing the string sent to the application, the malicious server can obtain user privileges on the visitor's machine.
Both Windows and Mac OS users are vulnerable to this exploit since Apple's QuickTime media player can be used on both PCs and Macintoshes. Apple iTunes installations are also affected by this vulnerability because QuickTime is a component of iTunes.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
![Apple Releases New Build of iOS 18 Beta 4 and iPadOS 18 Beta 4 [Download]](/images/news/94387/94387/94387-160.jpg "Apple Releases New Build of iOS 18 Beta 4 and iPadOS 18 Beta 4 [Download]")
![Apple Falls to Sixth Place in Chinese Smartphone Market [Report]](/images/news/94383/94383/94383-160.jpg "Apple Falls to Sixth Place in Chinese Smartphone Market [Report]")
![Apple Commits to President Biden's AI Safety and Security Standards [Report]](/images/news/94382/94382/94382-160.jpg "Apple Commits to President Biden's AI Safety and Security Standards [Report]")
![New 13-inch M2 iPad Air On Sale for $99.01 Off [Lowest Price Ever]](/images/news/94385/94385/94385-160.jpg "New 13-inch M2 iPad Air On Sale for $99.01 Off [Lowest Price Ever]")
![Apple 13-inch M3 MacBook Air (16GB RAM, 512GB SSD) On Sale for $200 Off! [Deal]](/images/news/94379/94379/94379-160.jpg "Apple 13-inch M3 MacBook Air (16GB RAM, 512GB SSD) On Sale for $200 Off! [Deal]")
![Single Apple AirTag On Sale for $23.99 [Deal]](/images/news/94372/94372/94372-160.jpg "Single Apple AirTag On Sale for $23.99 [Deal]")
![Samsung 49-inch Odyssey G93SC OLED Curved Monitor On Sale for $500 Off [Deal]](/images/news/94366/94366/94366-160.jpg "Samsung 49-inch Odyssey G93SC OLED Curved Monitor On Sale for $500 Off [Deal]")
![New 24-inch iMac With M3 On Sale for $150 Off! [Lowest Price Ever]](/images/news/94344/94344/94344-160.jpg "New 24-inch iMac With M3 On Sale for $150 Off! [Lowest Price Ever]")
