Apple fixes two QuickTime flaws

Apple fixes two QuickTime flaws
Apple Inc. has fixed more serious security bugs with QuickTime. This time, users tricked into visited malicious webpages could either have their privacy breached or worse, have arbitrary code executed on their computers. The patches released are for both Microsoft's Windows operating systems and the Mac platforms.

The worst of the two involved QuickTime's implementation of Java, which could allow for the manipulation of objects outside what should be allowed by the allocated heap. "By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution," Apple said in this advisory.



The second flaw deals also deals with how QuickTime works with Java, and can lead to a user's web browser information being stolen, possibly putting sensitive information at risk. Apple gave credit to John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research for reporting the flaws.

Source:
Reg Hardware


Written by: James Delahunty @ 31 May 2007 19:54
Advertisement - News comments available below the ad
  • 3 comments
  • thekingo7

    Quote:pple gave credit to John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research for reporting the flaws.Gave them credit?? I'm sure a small portion of the computer populace knew about this before these guys came along.

    1.6.2007 12:11 #1

  • borhan9

    Well thanxs for the update im going to update my quicktime now if it has flaws like this atm :)

    1.6.2007 19:18 #2

  • Unfocused

    At least they take the time to fix these vulnerabilities.

    28.6.2007 06:09 #3

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud