We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,713 News Articles

Apple fixes QuickTime security bugs

Fix protects web browser's memory

Apple posted a security update for its QuickTime media technology yesterday. The update fixes two issues found with the application that could allow an outsider to execute code and disclose sensitive information.

According to Apple the first issue is with an implementation problem in QuickTime for Java, "which may allow instantiation or manipulation of objects outside the bounds of the allocated heap". When a user goes to a web page containing a maliciously crafted Java applet, a hacker could trigger the flaw leading to arbitrary code execution.

This issue has been fixed by performing additional validation of Java applets.

The second issue may lead to the disclosure of sensitive information. Again, using an issue with QuickTime for Java, this flaw could allow a web browser's memory to be read by a Java applet. This update addresses the issue by clearing memory before allowing it to be used by Java applets.

Security Update (QuickTime 7.1.6) 1.0 is available via the Software Update mechanism in Mac OS X.

www.macworld.com


IDG UK Sites

Google Fit vs Apple Health Kit: What's the difference?

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Introducing generation tech

IDG UK Sites

This animated film reveals the importance of designing for everyone