News Stay informed about the latest enterprise technology news and product updates.

Apple tackles a new QuickTime flaw

For the second time in a month, Apple has been forced to fix a QuickTime flaw attackers could exploit to access sensitive system data and run malicious code.

For the second time in a month, Apple Inc. has been forced to fix a QuickTime flaw attackers could exploit to access sensitive system data and run malicious code.

In the latest instance, Apple has patched two flaws in the media player. The first is a design error attackers could exploit using Java code to allow the subclassing of QuickTime objects that call unsafe functions from QTJava.dll. The second problem is a design error in how Java applets are handled.

Apple Quicktime flaws:
Mac hack tied to Apple QuickTime flaw: A researcher won a Mac hacking contest by exploiting a hole in Apple QuickTime. The flaw is also a threat to those who use Firefox, Safari and Windows.

Apple fixes QuickTime flaw: As Apple releases a fix for the QuickTime flaw at the heart of a Mac hacking contest, Gartner issues a statement saying such contests are bad for security.

Apple fixes multiple QuickTime flaws: Attackers could exploit multiple flaws in Apple QuickTime to run malicious code and take control of targeted machines, but a security update is available.

Danish vulnerability clearinghouse Secunia said in an advisory that attackers could exploit the flaws to run malicious code and read browser memory on Windows and Mac OS X systems when a user visits a malicious Web site using a Java-enabled browser.

Secunia said the solution is to install QuickTime 7.1.6.

Earlier this month, Apple fixed a QuickTime flaw that made big headlines after a security researcher used it to hijack a Mac machine as part of a hacking contest at the CanSecWest conference.

The contest was designed to raise awareness of the threats facing Mac users, who tend to see Apple's OS as a more secure alternative to Microsoft Windows and its much-attacked Internet Explorer browser, conference organizers said. But since the contest, researchers have determined that the QuickTime flaw threatens both the Mac and Windows operating systems and that any Java-enabled browser is a viable route of attack, whether it's Safari, Mozilla Firefox or Internet Explorer.

Dig Deeper on Alternative operating system security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.