Apple to update QuickTime 7.7.8 for Windows has eliminated a total of nine vulnerabilities that allow attackers to execute arbitrary code. It is reported Securitylab.
Gaps were discovered by specialists of Cisco Talos Ryan Penty and Richard Johnson, experts from Fortinet FortiGuard Labs, a private security team of Apple and researcher under the pseudonym WalkerFuz. The presence of security vulnerabilities CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5779, CVE-2015-5785, CVE-2015-5786, envisioned to carry out the emergency shutdown QuickTime or to execute arbitrary code in the operating system
According to experts Cisco Talos, gaps existed because of an error of memory corruption in the handling of media files.
“Apple QuickTime contains multiple vulnerabilities memory corruption. With the help of specially generated file .MOV attacker can carry out an emergency shutdown of the application”, – stated in the security Bulletin Cisco Talos.
Earlier this month, Apple released updates to their products OS X, OS X Server, iOS, and Safari, which eliminated a total of 100 vulnerabilities. According to the Internet portal, shortly after the release of an update of the Italian hacker Luca Todesco reported zero-day vulnerability in OS X Yosemite that allows local privilege escalation. The flaw affects all versions of the operating system.
The hacker did not inform Apple about their discovery, published an exploit for the vulnerability on its developer portal GitHub. Apparently, in Cupertino are already aware of the problem, because in the new operating system OS X El Capitan gap is now fixed.