We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
75,052 News Articles

Apple fixes QuickTime security bugs

Fix protects web browser's memory

Apple posted a security update for its QuickTime media technology yesterday. The update fixes two issues found with the application that could allow an outsider to execute code and disclose sensitive information.

According to Apple the first issue is with an implementation problem in QuickTime for Java, "which may allow instantiation or manipulation of objects outside the bounds of the allocated heap". When a user goes to a web page containing a maliciously crafted Java applet, a hacker could trigger the flaw leading to arbitrary code execution.

This issue has been fixed by performing additional validation of Java applets.

The second issue may lead to the disclosure of sensitive information. Again, using an issue with QuickTime for Java, this flaw could allow a web browser's memory to be read by a Java applet. This update addresses the issue by clearing memory before allowing it to be used by Java applets.

Security Update (QuickTime 7.1.6) 1.0 is available via the Software Update mechanism in Mac OS X.

www.macworld.com


IDG UK Sites

Samsung Gear 2 review: Classy Tizen smartwatch is too expensive

IDG UK Sites

Eight possible names for the next version of Mac OS X: What will Apple call the follow-up to Maveri?......

IDG UK Sites

Why our gadgets will kill us all: bleating notifications, too many chargers and the proliferation...

IDG UK Sites

Inside Twitter's new design and ad offerings