May 2, 2007
Of QuickTime updates and exploits
Posted May. 2, ’07, 9:47 AM PT by Dan Moren
Category | Security
Scott clued you in yesterday to Apple’s release of QuickTime 7.1.6, which adds a couple of new features, including support for Final Cut Studio 2 and the addition of timecode and closed captioning display in QuickTime (could an answer to Kate’s (and my own) prayers be on the way?).
But the big news was, of course, the fix for the bug in QuickTime for Java that raised all the hubbub at CanSecWest. Here’s what Apple had to say on the security content of QuickTime 7.1.6:
An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue.Hey, look, credit where credit’s due. And a quick turnaround on the patch (just ten days from exploit to patch). Man, Apple is totally not serious about security, right? Whadya say to that, Mr. Maynor?
1 Comments
Leave a comment
Recent Entries
Zune hits 2m sales, still way, way short of iPod sales
Back to My Mac helps theft victim reclaim her Mac
Macworld reviews the Open Computer and we've had enough of it
Apple patent reveals the possibility of a 3D remote control
New iMacs get the benchmarking treatment by Macworld
Solved mysteries: MacBook USB ports solve your Cylon infestation
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun. (Plus, we've got columns by Andy Ihnatko!)
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- on Zune hits 2m sales, still way, way short of iPod sales
- on Zune hits 2m sales, still way, way short of iPod sales
- Eric on Zune hits 2m sales, still way, way short of iPod sales
- Anonymous 2 on GTA 4 totally disses Apple
- Anonymous2 on Zune hits 2m sales, still way, way short of iPod sales
- doc on Back to My Mac helps theft victim reclaim her Mac
Categories
- Apple (169)
- Advertising (132)
- Events (197)
- Huh? (139)
- Humor (228)
- News (126)
- People (222)
- Rivals (333)
- Speculation (134)
- Steve Jobs (141)
- Stores (166)
- Apple TV (50)
- Business (371)
- Games (128)
- Geekery (406)
- Hardware (830)
- Accessories (52)
- Intel Macs (157)
- Ihnatko (18)
- Internet (373)
- Legal (193)
- MacUser (87)
- Money (152)
- Music (310)
- Podcasting (97)
- Photography (66)
- Security (203)
- Software (1356)
- Updates (451)
- Tips (320)
- Troubleshooting (172)
- Video (353)
- Windows (189)
- iPhone (174)
- iPod (557)
- iPod Accessories (86)
- iPod Software (56)
- iTunes (96)
- iTunes Store (375)
Archives
- May 2008 (59)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
IDG NETWORK:
Don't forget Messrs Kevin Finisterre and LMH :)