New Software Security

Apple Finally Patches Year-old QuickTime Flaw

The flaw, which affects Windows XP and Windows Vista machines, opens up a backdoor that could enable a hacker to break into Firefox.

Apple released an update for the Windows version of its QuickTime media player on Wednesday afternoon to patch what it calls a “command injection issue” in the way the media player handles URLs. The flaw, which affects Windows XP and Windows Vista, was first disclosed in September of 2006 by Petko D. Petkov, a penetration tester.


Mozilla soon confirmed that the year-old unpatched QuickTime vulnerability opens up a backdoor that could enable a hacker to break into Firefox. Then just six days after the proof-of-concept code was released, Mozilla updated Firefox to fix the problem. “This will protect Firefox users from the public critical security vulnerability until a patch is available from Apple,” wrote Window Snyder, Mozilla’s top security executive, in her blog.

Now, nearly a month after the proof-of-concept code was posted, Apple has released a fix for the vulnerability. The issue does not affect computers running Mac OS X even if they have a Firefox browser, according to Apple.

Apple has issued at least four separate patch updates for QuickTime in the last several months.
