We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,079 News Articles

Apple fixes QuickTime security bugs

Fix protects web browser's memory

Apple posted a security update for its QuickTime media technology yesterday. The update fixes two issues found with the application that could allow an outsider to execute code and disclose sensitive information.

According to Apple the first issue is with an implementation problem in QuickTime for Java, "which may allow instantiation or manipulation of objects outside the bounds of the allocated heap". When a user goes to a web page containing a maliciously crafted Java applet, a hacker could trigger the flaw leading to arbitrary code execution.

This issue has been fixed by performing additional validation of Java applets.

The second issue may lead to the disclosure of sensitive information. Again, using an issue with QuickTime for Java, this flaw could allow a web browser's memory to be read by a Java applet. This update addresses the issue by clearing memory before allowing it to be used by Java applets.

Security Update (QuickTime 7.1.6) 1.0 is available via the Software Update mechanism in Mac OS X.

www.macworld.com


IDG UK Sites

Swatch to release its own line of smartwatches to rival iWatch

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

Miranda July's Somebody app offers a very unusual take on messaging

IDG UK Sites

The 7 most ridiculous iPhone 6 rumours: what Apple WON'T reveal on 9 September