Apple Fixes Darwin Streaming Server Security Flaw

Apple Inc. released released Darwin Streaming Server 5.5.5 on Thursday. The updated version of the open source streaming media server application addressed two potential security flaws that could allow an attacker to execute arbitrary code on the server computer.

Both flaws could result in a heap buffer overflow triggered by a maliciously-crafted RTSP request. Once initiated, the buffer overflow could potentially cause Darwin Streaming Server to unexpectedly quit, or allow an attacker to run unauthorized code on the attacked machine.

Darwin Streaming Server 5.5.5 is free and available for download at the Apple Developer Web site.