Apple tackles a new QuickTime flaw


Bill Brenner, Senior News Writer
For the second time in a month, Apple has been forced to fix a QuickTime flaw attackers could exploit to access sensitive system data and run malicious code.

In the latest instance, Apple has patched two flaws in the media player. The first is a design error attackers could exploit using Java code to allow the subclassing of QuickTime objects that call unsafe functions from QTJava.dll. The second problem is a design error in how Java applets are handled.

Apple QuickTime flaws:
Mac hack tied to Apple QuickTime flaw: A researcher won a Mac hacking contest by exploiting a hole in Apple QuickTime. The flaw is also a threat to those who use Firefox, Safari and Windows.

Apple fixes QuickTime flaw: As Apple releases a fix for the QuickTime flaw at the heart of a Mac hacking contest, Gartner issues a statement saying such contests are bad for security.

Apple fixes multiple QuickTime flaws: Attackers could exploit multiple flaws in Apple QuickTime to run malicious code and take control of targeted machines, but a security update is available.

Danish vulnerability clearinghouse Secunia said in an advisory that attackers could exploit the flaws to run malicious code and read browser memory on Windows and Mac OS X systems when a user visits a malicious Web site using a Java-enabled browser.

Secunia said the solution is to install QuickTime 7.1.6.

Earlier this month, Apple fixed a QuickTime flaw that made big headlines after a security researcher used it to hijack a Mac machine as part of a hacking contest at the CanSecWest conference.

The contest was designed to raise awareness of the threats facing Mac users, who tend to see Apple's OS as a more secure alternative to Microsoft Windows and its much-attacked Internet Explorer browser, conference organizers said. But since the contest, researchers have determined that the QuickTime flaw threatens both the Mac and Windows operating systems and that any Java-enabled browser is a viable route of attack, whether it's Safari, Mozilla Firefox or Internet Explorer.
