Apple patches two QuickTime holes

Powered by SC Magazine
 

Java flaws affect Mac and Windows versions.

Apple has released a security update addressing two vulnerabilities in its QuickTime multimedia player.

Mac OS X and Windows versions of the software are both affected, and the flaws could lead to unintentional disclosure of information or the ability to remotely execute malware.

The first fix addresses a flaw in the handling of JavaScript applets that could allow for remote code execution.

The exploit occurs when an attacker directs the user to a web page containing a specially crafted Java applet. The update allows the software to check and prevent the launch of the malformed code.

The second vulnerability also lies within the Java component of QuickTime. Apple said that unpatched versions of QuickTime fail to clear browser memory, possibly allowing a malicious Java applet to capture whatever information is being stored.

Apple's update forces QuickTime to clear the memory before an untrusted applet can be run.

Windows users can download the update from Apple's support website. Mac users can get the update through the OS X Software Update component. 

JavaScript flaws were also at the root of Apple's last QuickTime update. That patch was issued just 11 days after an independent researcher discovered and wrote an exploit for a QuickTime flaw in under 12 hours.  

Late last year, a QuickTime flaw was used to launch a major phishing attack on MySpace.

Copyright ©v3.co.uk


Apple patches two QuickTime holes
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1130

Vote