AfterDawn: Tech news

Apple fixes two QuickTime flaws

Written by James Delahunty (Google+) @ 31 May 2007 19:54 User comments (3)

Apple fixes two QuickTime flaws Apple Inc. has fixed more serious security bugs with QuickTime. This time, users tricked into visited malicious webpages could either have their privacy breached or worse, have arbitrary code executed on their computers. The patches released are for both Microsoft's Windows operating systems and the Mac platforms.
The worst of the two involved QuickTime's implementation of Java, which could allow for the manipulation of objects outside what should be allowed by the allocated heap. "By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution," Apple said in this advisory.

The second flaw deals also deals with how QuickTime works with Java, and can lead to a user's web browser information being stolen, possibly putting sensitive information at risk. Apple gave credit to John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research for reporting the flaws.

Source:
Reg Hardware

Previous Next  

3 user comments

11.6.2007 12:11

Quote:
pple gave credit to John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research for reporting the flaws.
Gave them credit?? I'm sure a small portion of the computer populace knew about this before these guys came along.

21.6.2007 19:18

Well thanxs for the update im going to update my quicktime now if it has flaws like this atm :)

328.6.2007 6:09

At least they take the time to fix these vulnerabilities.

Comments have been disabled for this article.

News archive