ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Apple fixes QuickTime vulnerability

Joris Evers CNET News.com

Published: 02 May 2007 09:10 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Apple on Tuesday released a QuickTime update to fix a security flaw that was used to breach a MacBook Pro at a recent security conference.

The media player vulnerability lies in QuickTime for Java, Apple said in a security alert. The hole could be exploited through a rigged website and let an attacker commandeer computers running both Mac OS X and Windows, the Mac maker said.

Sentry Posts Blog

Sentry Posts Blog
Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more +

"By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue, which may lead to arbitrary code execution," Apple said. Only computers running an unfixed version of QuickTime would be at risk.

Security monitoring company Secunia deems the flaw "highly critical", one notch below its most serious rating. The update, QuickTime 7.1.6, repairs the problem by performing additional checking. Apple credits bug hunter Dino Dai Zovi and the TippingPoint Zero Day Initiative for reporting the issue.

Apple's fix comes just over a week after the vulnerability was used to grab a $10,000 prize and a MacBook Pro in a hack-a-Mac contest at the CanSecWest conference in Vancouver, British Columbia.

Security researcher Shane Macaulay worked with Dai Zovi to break into the Mac and took home the computer. Dai Zovi subsequently submitted the bug to TippingPoint, which sweetened the competition by offering a $10,000 bounty through its Zero Day Initiative programme.

Apple on Tuesday also put out an updated version of a security update originally released last month. Version 1.1 of the 2007-004 patch repairs a couple of problems with the original fix, which may cause wireless connections to drop and allow limited FTP users access beyond their privileges on an Apple FTPServer, Apple said in another alert.

Apple's security updates are available through the Software Update application in its operating system and QuickTime software and from the Apple website.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
7 out of 7 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

Sales / IT Sales / Internal Sales Representative - Global Sales

Customer focused & results orientated - At least 3 years sales experience with good sales track record, preferably in the IT sector - Excellent ...

Integration Test Engineer

Work with the internal and external suppliers to validate software component and system functionality, and to identify and fix issues that arise. In ...

Linux Lead Engineer (MySQL, RedHat, Apache, Mail, DNS, SMTP, Linux) West London

Lead Engineers are expected to take initiative in issues and probe deeper into problems to fix root causes to prevent reoccurrence. Linux Lead ...

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers

Sentry Posts Blog

Mobile Linux Better For Mobile Busines...

Mobile Linux Better For Mobile Business Apps? Author: Eric Everson, MyMobiSafe.com As mobile Linux is carving it’s footprint on the future of mobile application development, the... More

Post a comment

DWP downplays security breach

The Department for Work and Pensions (DWP) has admitted that some of its staff have been forwarding passwords with password protected material. An email that was leaked on the 'Dizzy... More

Post a comment

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation