toggle

AAPL Stock: 112.01 ( -0.53 )

Printed from http://www.macnn.com

Apple plugs two QuickTime security flaws

updated 04:30 pm EDT, Tue May 29, 2007

QuickTime security update

Apple today updated its QuickTime multimedia software by fixing two important security holes that, if left unpatched, could lead to the disclosure of sensitive information or allow a potential attacker to take over a Mac or Windows system running the affected software. The update repairs the implementation issue in QuickTime for Java, which could allow instantiation or manipulation of objects outside the bounds of the allocated heap. In layman's terms, malicious users could use the bug to steal information or take over an unrepaired system. The update performs additional validation of Java applets to prevent arbitrary code execution, and clears memory before allowing it to be used by untrusted Java applets to prevent information theft. [updated]

A security researcher in late April pointed out that Apple had failed to patch two zero-day QuickTime flaws discovered more than a year earlier, but issued a security update on May 1st addressing a critical issue with QuickTime for Java.

Apple last week plugged 17 other security holes in Mac OS X Panther and Tiger, shoring up security concerns in an attempt to make good on the promise of superior Mac security. Various security analysts have warned that Mac users are not immune to security risks, despite popular belief amongst Mac owners themselves. Analysts point to Apple's low market share as one primary reason that the company hasn't come under nearly as much fire from malicious users as Microsoft's Windows system, and predict that the Cupertino-based company will face increasing attacks as it gains more share in the computer market.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lackin ...

toggle

Most Commented