troubleshooting/tutorials/security

05/29/2007, 4:30pm, EDT

Tuesday, May 29th

Apple plugs two QuickTime security flaws

Apple today updated its QuickTime multimedia software by fixing two important security holes that, if left unpatched, could lead to the disclosure of sensitive information or allow a potential attacker to take over a Mac or Windows system running the affected software. The update repairs the implementation issue in QuickTime for Java, which could allow instantiation or manipulation of objects outside the bounds of the allocated heap. In layman's terms, malicious users could use the bug to steal information or take over an unrepaired system. The update performs additional validation of Java applets to prevent arbitrary code execution, and clears memory before allowing it to be used by untrusted Java applets to prevent information theft. [updated]

A security researcher in late April pointed out that Apple had failed to patch two zero-day QuickTime flaws discovered more than a year earlier, but issued a security update on May 1st addressing a critical issue with QuickTime for Java.

Apple last week plugged 17 other security holes in Mac OS X Panther and Tiger, shoring up security concerns in an attempt to make good on the promise of superior Mac security. Various security analysts have warned that Mac users are not immune to security risks, despite popular belief amongst Mac owners themselves. Analysts point to Apple's low market share as one primary reason that the company hasn't come under nearly as much fire from malicious users as Microsoft's Windows system, and predict that the Cupertino-based company will face increasing attacks as it gains more share in the computer market.


Filed under: troubleshooting

, , comment, del.icio.us, slashdot, digg, buzz


post a comment
Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article




Expand All   Global Settings
Be the first to post comments on this story.
Your Comments

In order to post comments: If you are a registered member, please login with your MacNN Forums username and password otherwise please uncheck the checkbox below.


Registered Member?
macnn forums login:

macnn forums password:

Not a member of the MacNN forums? Register now for free.

MacNN iPodNN Electronista
top searches
1. apple
2. iphone
3. apple TV
4. ipod
5. mac
6. BBC
7. icons
8. icon
9. macbook
10. leopard
search for more ..
RSS Feeds

Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.



  MacNN -all

  MacNN Reviews

  MacNN Podcasts

  iPodNN

  Electronista

  Left Lane News

VMware Fusion for $59.99 - limited time offer: Run Windows on a Mac without rebooting with VMware Fusion

Check Out the VIERA from Panasonic!: Enter a New Visual Era with Panasonic VIERA HDTVs. An Enhanced Experience.

Join The MyView IT Research Panel: Members will receive opportunities to take part in surveys from today's leading businesses.

Get an IT Degree Online: Get solid credentials. Take your hobby to the next level. Adult Programs. Affordable.

Buy from The Apple Store, iTunes.com, Amazon.com, TechDepot, OfficeDepot, Computers4Sure, or donate.