Apple’s latest security update for Mac OS X includes a series of patches to Quicktime designed to stop the movie playback software from being exploited to launch a malicious attack. How do you turn a non-executable movie into dangerous executable code?
Sophos security guru Paul Ducklin explains how the structure of MOV files makes them potentially vulnerable to stack overflow errors, and why this matters. It’s a detailed and interesting read, and worth checking out if you’re not familiar with how this kind of exploit works.
For programmers, there’s also a timeless reminder: “Remember that you can never have too much error-checking.” Hit the link for the full post.