Apple tackles a new QuickTime flaw

By Bill Brenner, Senior News Writer
30 May 2007 | SearchSecurity.com

For the second time in a month, Apple Inc. has been forced to fix a QuickTime flaw attackers could exploit to access sensitive system data and run malicious code.
In the latest instance, Apple has patched two flaws in the media player. The first is a design error attackers could exploit using Java code to allow the subclassing of QuickTime objects that call unsafe functions from QTJava.dll. The second problem is a design error in how Java applets are handled.

Apple QuickTime flaws:
Mac hack tied to Apple QuickTime flaw: A researcher won a Mac hacking contest by exploiting a hole in Apple QuickTime. The flaw is also a threat to those who use Firefox, Safari and Windows.
Apple fixes QuickTime flaw: As Apple releases a fix for the QuickTime flaw at the heart of a Mac hacking contest, Gartner issues a statement saying such contests are bad for security.
Apple fixes multiple QuickTime flaws: Attackers could exploit multiple flaws in Apple QuickTime to run malicious code and take control of targeted machines, but a security update is available.

Danish vulnerability clearinghouse Secunia said in an advisory that attackers could exploit the flaws to run malicious code and read browser memory on Windows and Mac OS X systems when a user visits a malicious Web site using a Java-enabled browser.
Secunia said the solution is to install QuickTime 7.1.6.
Earlier this month, Apple fixed a QuickTime flaw that made big headlines after a security researcher used it to hijack a Mac machine as part of a hacking contest at the CanSecWest conference.
The contest was designed to raise awareness of the threats facing Mac users, who tend to see Apple's OS as a more secure alternative to Microsoft Windows and its much-attacked Internet Explorer browser, conference organizers said. But since the contest, researchers have determined that the QuickTime flaw threatens both the Mac and Windows operating systems and that any Java-enabled browser is a viable route of attack, whether it's Safari, Mozilla Firefox or Internet Explorer.