Does the new QuickTime 0-day mean Apple has Problems with Patching?
In the past Microsoft has been criticised for poor vulnerability patching (by not patching the underlying vulnerability that is causing a problem and then having to reissue patches as attackers adjust and attack), and it is a criticism that has also been levied against Apple with the handling of different mDNSResponder vulnerabilities. Recently disclosed vulnerability information regarding another RTSP handling problem in QuickTime could be a sign of a similar problem brewing. RTSP vulnerabilities were patched no less than four times in the last twelve months (Security Update 2007-001, Security Update 2007-004, Darwin Streaming Server 5.5.5, and QuickTime 7.3.1), and it seems that there are still opportunities for remote code execution within the RTSP code handling routines. A minor blessing with the latest vulnerability disclosure seems to be that the vulnerability does not appear to affect the latest version of OS X (10.5.1), at least according to early reports from third party teste
Related Questions
- I heard that children diagnosed with autistic spectrum disorders have sensory processing problems. Does that mean my baby who has sensory processing problems will be autistic?
- Apple says that eventually all Macintosh computers will run System 7.0. Does that mean that all Macintosh computers will eventually be shipped with two megabytes of RAM?
- What does full reconveyance mean?
