For the second time in a month, Apple has been forced to fix a
QuickTime flaw attackers could exploit to access sensitive
system data and run malicious code.

In the latest instance, Apple has patched two flaws in the media
player. The first is a design error attackers could exploit
using Java code to allow the subclassing of QuickTime objects
that call unsafe functions from QTJava.dll. The second problem
is a design error in how Java applets are handled.

Apple QuickTime flaws:

Mac hack tied to Apple QuickTime flaw: A researcher won a Mac
hacking contest by exploiting a hole in Apple QuickTime. The flaw
is also a threat to those who use Firefox, Safari and
Windows.

Apple fixes QuickTime flaw: As Apple
releases a fix for the QuickTime flaw at the heart of a Mac
hacking contest, Gartner issues a statement saying such contests
are bad for security.

Apple fixes multiple QuickTime flaws:
Attackers could exploit multiple flaws in Apple QuickTime to run
malicious code and take control of targeted machines, but a
security update is available.

Danish vulnerability clearinghouse Secunia said in an advisory
that attackers could exploit the flaws to run malicious code and
read browser memory on Windows and Mac OS X systems when a user
visits a malicious Web site using a Java-enabled browser.

Secunia said the solution is to install QuickTime 7.1.6.

Earlier this month, Apple fixed a QuickTime flaw that made big
headlines after a security researcher used it to hijack a Mac
machine as part of a hacking contest at the CanSecWest conference.

The contest was designed to raise awareness of the threats
facing Mac users, who tend to see Apple's OS as a more secure
alternative to Microsoft Windows and its much-attacked Internet
Explorer browser, conference organizers said. But since the
contest, researchers have determined that the QuickTime flaw
threatens both the Mac and Windows operating systems and that any
Java-enabled browser is a viable route of attack, whether it's
Safari, Mozilla Firefox or Internet Explorer.