Apple fixes two QuickTime flaws

Written by James Delahunty @ 31 May 2007 7:54 User comments (3)

Apple Inc. has fixed more serious security bugs with QuickTime. This time, users tricked into visited malicious webpages could either have their privacy breached or worse, have arbitrary code executed on their computers. The patches released are for both Microsoft's Windows operating systems and the Mac platforms.

The worst of the two involved QuickTime's implementation of Java, which could allow for the manipulation of objects outside what should be allowed by the allocated heap. "By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution," Apple said in this advisory.

The second flaw deals also deals with how QuickTime works with Java, and can lead to a user's web browser information being stolen, possibly putting sensitive information at risk. Apple gave credit to John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research for reporting the flaws.

Source:
Reg Hardware

<PayPlay launches "the world's largest MP3 download store" >Set-top boxes and DTVs soon to get 60 FPS and 1080p decoding

3 user comments

11.6.2007 12:11

thekingo7

Send private message to this user

Senior Member

Quote:
pple gave credit to John McDonald, Paul Griswold, and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research for reporting the flaws.

Gave them credit?? I'm sure a small portion of the computer populace knew about this before these guys came along.

21.6.2007 19:18

borhan9

Send private message to this user

AfterDawn Addict

Well thanxs for the update im going to update my quicktime now if it has flaws like this atm :)

328.6.2007 06:09

Unfocused

Send private message to this user

Member

At least they take the time to fix these vulnerabilities.

Comments have been disabled for this article.

	YouTube Premium starts showing ads to subscribers (13 Nov 2024 3:09) For years, YouTube Premium has been marketed as a way to enjoy an ad-free YouTube experience. But apparently, that is no longer the case, as Premium subscribers are now starting to see ads on the platform.
	Android 16 will launch sooner than expected (01 Nov 2024 6:45) Google announced that upcoming Android 16 will break the traditional once-a-year cycle of major Android launches. Next Android is poised to launch in Q2 of 2025, so Android 16 should ship before end of June, 2025.
	Winamp ends its "open source" project that wasn't really open source (20 Oct 2024 11:12) Less than a month after the legendary MP3 player Winamp made its source code public, the company has made a sudden U-turn and removed its code from distribution. 2 user comments
	Winamp released its source code - but didn't go open source (25 Sep 2024 12:38) The source code of Winamp has now been officially released. However, it hasn't become a pure open-source project, as its licensing terms prohibit the creation of new, different versions.
	Does your phone rattle? Here's why it happens (25 Aug 2024 8:30) When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments

	What IP rating for dust and water resistance means An IP classification (such as IP68) is given to mobile phones, Bluetooth speakers, and other devices, but what do these classifications mean? 1 user comment
	Guide: Is Your Wi-Fi Sluggish or Slow? Here's How to Fix Do you have problems with you Wi-Fi? Slow connection or is it cutting off constantly? This guide aims to remedy these problems. 1 user comment
	GUIDE: Wi-Fi speeds are slow? Here are some tips Having problems with Wi-Fi speed and stability at home? Here are some tips to follow to alleviate the issues. 1 user comment
	What happens if you don't update Android? Sometimes it can be tempting to avoid updating to a new Android version. What happens if you decide to delay major updates to the OS?
	Does your phone rattle? Here's why it happens When you shake your phone and hear a light rattle, clatter, or jingle, it's likely not broken. The culprit is probably the optical image stabilization (OIS) system in your phone's camera, meaning everything is functioning as it should. 2 user comments

Apple fixes two QuickTime flaws

3 user comments

Latest news

Reviews

Guides

News archive

Subscribe

Sections:

Follow us:

	Roborock S8 MaxV Ultra review - obstacle avoidance doesn't work as it should, otherwise almost perfect robot vacuum We put the Roborock S8 MaxV Ultra through a very, very long review process. The $1800 mopping robot vacuum is almost perfect, but its obstacle avoidance was surprisingly bad, considering the price - and compared to its competitors.
	Sharge x OnePlus Pouch review: Beautiful power bank that supports SuperVOOC charging In our review, we take a look at Sharge's power bank that supports OnePlus SuperVOOC quick charging technology as well as standard USB PD charging. It has small design flaws, but despite those, the Pouch is very nice product. 1 user comment
	Roomba Combo j7+ review - Clever trick allows robot vacuum finally to tackle home with rugs and carpets Roomba Combo j7+ is the very first Roomba model to combine robot vacuum with mopping features. And Roomba Combo j7+ does all that with a very clever trick, which tackles the problem with mopping and carpets. But is it any good? We found out.