Apple releases QuickTime security update
Published: 30 May 2007 13:41 BST
Apple released a security update for QuickTime 7.1.6 on Tuesday, further removing a vulnerability first used by a security researcher in April to win $10,000 (£5,064) and a new MacBook in the "PWN to OWN" contest at CanSecWest 2007.
This security update complements an earlier bug patch for QuickTime 7.1.6 released by Apple on 1 May, 2007. The 1.1MB Windows QuickTime 7.1.6 update affects users of Windows 2000 SP4 and Windows XP SP2. The 1.4MB Mac QuickTime 7.1.6 update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9.
The vulnerability, as reported in a security alert from the US National Vulnerability Database, allows attackers to entice users to a website with a maliciously coded Java applet and then run attack code on a compromised machine. The Apple security update places further parameter limitations on QTPointerRef objects in Apple QuickTime Java extensions within the Safari and Firefox browsers, denying these types of attacks. Apple credits security researcher Dino Dai Zovi, working with TippingPoint and the Zero Day Initiative, for his help in resolving this issue.
Did you find this article useful?
2 out of 2 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
