{"id":410,"date":"2008-09-18T15:39:01","date_gmt":"2008-09-18T14:39:01","guid":{"rendered":"http:\/\/blog.intego.com\/?p=410"},"modified":"2008-09-18T15:39:01","modified_gmt":"2008-09-18T14:39:01","slug":"quicktime-bug-discovered-may-be-vector-for-attack","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/","title":{"rendered":"QuickTime Bug Discovered: May Be Vector for Attack"},"content":{"rendered":"<p><img src=\"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg\"><\/p>\n<p>Apple&#8217;s QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug has already been discovered that may be used as a vector for malicious attacks. <\/p>\n<p>The &#8220;&lt;? quicktime type= ?&gt;&#8221; tag fails to handle long strings, which can lead to a heap overflow in QuickTime Player, iTunes, or any other program that attempts to display media using a QuickTime plug-in. This can be a browser, such as Apple&#8217;s Safari, Microsoft Internet Explorer or Mozilla Firefox, or, on Mac OS X, could be any program that displays graphics or movies inline, such as Mail, or even the Finder if a user tries to view a file with Quick Look. For now, files which contain offending strings will crash programs attempting to display them, but malicious code could be added to such files, and may be executed with no user interaction, other than an attempt to view a file.<\/p>\n<p>This bug can be remote or local, as QuickTime parses any supplied file for a recognized header even if the header does not correspond to the file type; for example, a malicious user could put XML content in an MP4 or MOV file, or could add a QuickTime media file to a web page which could then cause a browser to crash while executing malicious code.<\/p>\n<p>Intego&#8217;s Virus Monitoring Center is keeping a close eye on this bug and whether malicious users are attempting to add payload to QuickTime files. Intego will naturally update the virus definitions for <a href=\"https:\/\/www.intego.com\/virusbarrier\/\">Intego VirusBarrier X5<\/a> if this occurs. In the meantime, we&#8217;ll be posting more information here as we discover more about the extent of this bug. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple&#8217;s QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug has already been discovered that may be used as a vector for malicious attacks. The &#8220;&lt;? quicktime type= ?&gt;&#8221; tag fails to handle long strings, which can [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,13],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Apple&#039;s QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"QuickTime Bug Discovered: May Be Vector for Attack - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Apple&#039;s QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2008-09-18T14:39:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/\",\"name\":\"QuickTime Bug Discovered: May Be Vector for Attack - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#primaryimage\"},\"datePublished\":\"2008-09-18T14:39:01+00:00\",\"dateModified\":\"2008-09-18T14:39:01+00:00\",\"description\":\"Apple's QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"QuickTime Bug Discovered: May Be Vector for Attack\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"QuickTime Bug Discovered: May Be Vector for Attack\",\"datePublished\":\"2008-09-18T14:39:01+00:00\",\"dateModified\":\"2008-09-18T14:39:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#webpage\"},\"wordCount\":294,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg\",\"articleSection\":[\"Apple\",\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Apple's QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/","og_locale":"en_US","og_type":"article","og_title":"QuickTime Bug Discovered: May Be Vector for Attack - The Mac Security Blog","og_description":"Apple's QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug","og_url":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/","og_site_name":"The Mac Security Blog","article_published_time":"2008-09-18T14:39:01+00:00","og_image":[{"url":"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/","name":"QuickTime Bug Discovered: May Be Vector for Attack - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#primaryimage"},"datePublished":"2008-09-18T14:39:01+00:00","dateModified":"2008-09-18T14:39:01+00:00","description":"Apple's QuickTime, the media software used to play music and movies on Mac OS X and Windows, has recently been update to version 7.5.5, but a serious bug","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"QuickTime Bug Discovered: May Be Vector for Attack"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"QuickTime Bug Discovered: May Be Vector for Attack","datePublished":"2008-09-18T14:39:01+00:00","dateModified":"2008-09-18T14:39:01+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#webpage"},"wordCount":294,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/quicktime-bug-discovered-may-be-vector-for-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/images\/qticon.jpg","articleSection":["Apple","Security &amp; Privacy"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0626bfb4ada576ba5aa775322329ad47?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-6C","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/410"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=410"}],"version-history":[{"count":0,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/410\/revisions"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}