Apple patches two critical QuickTime for Java flawsOn the heels of last week's Mac OS X security update, Apple on Tuesday released another software patch that the company is recommending for all users of its latest QuickTime media software.
Security Update (QuickTime 7.1.6)
The release, available as a 1.4MB download for Macs and 1.1MB download for Windows PCs, patches two open gashes in the version of QuickTime for Java that ships with QuickTime 7.1.6.
In particular, Apple said a design issue exists in the Java software which may allow a web browser's memory to be read by a Java applet. Therefore, by enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to the disclosure of sensitive information from recent browser sessions. Apple said it has addressed the issue in the security update by clearing memory before allowing it to be used by untrusted Java applets.
Meanwhile, the Mac maker said a second implementation issue discovered in QuickTime for Java may allow malicious websites to trigger arbitrary code execution. The company said the update addresses the issue by performing additional validation of Java applets.
Security Update 2007-005
The QuickTime for Java fix comes just five days after Apple released Security Update 2007-005 for both its Mac OS X Tiger (15.7MB download for PowerPC Macs, 29.2MB download for Intel Macs) and Mac OS X Panther operating systems (56MB download for Panther Server and 42.5MB download for Panther client).
For Tiger users, the security updated patched issues with bind, CarbonCore, CoreGraphics, crontabs, fetchmail, file, iChat, mDNSResponder, PPP, ruby, screen, texinfo, and VPN.
For Panther users, the update addresses issues with bind, CarbonCore, crontabs, fetchmail, file, iChat, ruby, screen, texinfo, and VPN.
On Topic: General
- Kate Winslet, others rumored to join cast of upcoming Steve Jobs movie
- Led by Whole Foods shoppers, Apple Pay accounted for 1% of digital payment dollars in November
- Apple slams BBC report on suppliers, says provided facts were 'clearly missing' from broadcast
- Apple CEO Tim Cook gives 'substantial' sum to gay rights initiative
- Undercover video shows alleged worker rights violations at Apple supplier