We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,721 News Articles

Apple fixes QuickTime security bugs

Fix protects web browser's memory

Apple posted a security update for its QuickTime media technology yesterday. The update fixes two issues found with the application that could allow an outsider to execute code and disclose sensitive information.

According to Apple the first issue is with an implementation problem in QuickTime for Java, "which may allow instantiation or manipulation of objects outside the bounds of the allocated heap". When a user goes to a web page containing a maliciously crafted Java applet, a hacker could trigger the flaw leading to arbitrary code execution.

This issue has been fixed by performing additional validation of Java applets.

The second issue may lead to the disclosure of sensitive information. Again, using an issue with QuickTime for Java, this flaw could allow a web browser's memory to be read by a Java applet. This update addresses the issue by clearing memory before allowing it to be used by Java applets.

Security Update (QuickTime 7.1.6) 1.0 is available via the Software Update mechanism in Mac OS X.

www.macworld.com


IDG UK Sites

Top 5 Android tips and tricks for smartphones and tablets

IDG UK Sites

How to join Apple's OS X Beta Seed Program: Get OS X Yosemite on your Mac before public release

IDG UK Sites

Why the BBC iPlayer outage was caused by a DDoS attack: Topsy and Tim isn't *that* popular

IDG UK Sites

BBC using Glasgow 2014 Commonwealth Games to trial 4K/UHD, pan-around video, augmented video and...