May 30, 2007
YAQTSU: Yet another Quicktime security update (and more)
Posted May. 30, ’07, 3:53 AM PT by Derik DeLong
Category | Security
Considering its recent track record, YAQTSU is a phrase we may very well need to become familiar with. Apple introduced Security Update (QuickTime 7.1.6) yesterday. It includes fixes for two issues relating to the Java access afforded by Quicktime.
- CVE-ID: CVE-2007-2388: Visiting a malicious website may lead to arbitrary code execution
- CVE-ID: CVE-2007-2389: Visiting a malicious website may lead to the disclosure of sensitive information
More information is found at the update’s web page. This is one of those rare updates that doesn’t force the user into rebooting the computer, so go ahead and kick it off while you keep reading. It was a mere 1.9MB when I downloaded it, but it’s 1.4MB when downloaded for standalone usage.
I hope I’m wrong about this, but I expect we’ll be seeing many more updates like this in coming months. It’s become really clear that the Quicktime to Java bridge is rife with problems.
In other security news, Samba (the software that enables Windows file sharing in Mac OS X) has a vulnerability that exposes Macs to possible buffer overflow exploits. You can try updating it yourself, disabling Windows file sharing, or, my personal favorite, hide your Mac behind a router and any outside connection attempts.
Recent Entries
Ch-ch-ch-ch-changes afoot at MacUser
The Macalope Weekly: Leopards and monopolies and DRM! Oh, my!
Apple levels DMCA on iPodhash project
iPod touch users get second classed again with the omission of new Maps features
Apple Pro Applications Update 2008-004 makes your day
iTunes v8.0.2 comes riding on the coattails of iPhone firmware v2.2
About MacUser
MacUser is your source for news, info, and opinion about Apple, the Mac, and the iPod. Our dedicated team of bloggers covers everything that is relevant to Mac users — and, okay, some stuff that’s not quite relevant, but is still a lot of fun.
Subscribe/RSS
- Blog Posts
- Blog Comments
- Podcast (RSS) (iTunes)
Tip us off!
- Email: macuser [at] macuser [dot] com
Recent Comments 
- Dave Barnes on Ch-ch-ch-ch-changes afoot at MacUser
- Dan Moren on iPod touch users get second classed again with the omission of new Maps features
- johnnydfred on iPod touch users get second classed again with the omission of new Maps features
- on iPod touch users get second classed again with the omission of new Maps features
- Neurotic Nomad on Apple levels DMCA on iPodhash project
- Dan Moren on iPod touch users get second classed again with the omission of new Maps features
Categories
- Apple (234)
- Advertising (162)
- Events (235)
- Huh? (182)
- Humor (259)
- News (148)
- People (258)
- Rivals (405)
- Speculation (167)
- Steve Jobs (172)
- Stores (206)
- Apple TV (58)
- Business (451)
- Games (143)
- Geekery (460)
- Hardware (935)
- Accessories (79)
- Intel Macs (162)
- Ihnatko (18)
- Internet (463)
- Legal (244)
- MacUser (94)
- Macalope (8)
- Money (177)
- Music (344)
- Podcasting (100)
- Photography (74)
- Security (246)
- Software (1544)
- Updates (538)
- Tips (352)
- Troubleshooting (189)
- Video (403)
- Windows (219)
- iPhone (199)
- iPod (602)
- iPod Accessories (96)
- iPod Software (61)
- iTunes (128)
- iTunes Store (443)
Archives
- November 2008 (91)
- October 2008 (138)
- September 2008 (151)
- August 2008 (177)
- July 2008 (175)
- June 2008 (171)
- May 2008 (185)
- April 2008 (234)
- March 2008 (217)
- February 2008 (215)
- January 2008 (239)
- December 2007 (169)
- November 2007 (164)
- October 2007 (187)
- September 2007 (167)
- August 2007 (195)
- July 2007 (152)
- June 2007 (223)
- May 2007 (243)
- April 2007 (286)
- March 2007 (288)
- February 2007 (250)
- January 2007 (266)
- December 2006 (244)
- November 2006 (293)
- October 2006 (307)
- September 2006 (250)
- August 2006 (268)
- July 2006 (288)
- June 2006 (293)
- May 2006 (297)
- April 2006 (351)
- March 2006 (366)
- February 2006 (110)
- January 2006 (107)
- December 2005 (23)
Mac Publishing Sites
Links
Leave a comment