|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
Apple issues a security update for Quicktime By Robert Vamosi, CNET News.com May 30, 2007 URL: http://www.zdnet.com.au/news/security/soa/Apple-issues-a-security-update-for-Quicktime/0,130061744,339277964,00.htm
in brief Apple today released a security update for Quicktime 7.1.6, removing a vulnerability used by a security researcher in April to win US$10,000 and a new Macbook at CanSecWest 2007. This security update complements an bug patch for Quicktime 7.1.6 released by Apple early this month. The 1.1Mb Windows Quicktime 7.1.6 update affects users of Windows 2000 SP4, and Windows XP SP2, while the 1.4 Mb Mac Quicktime 7.1.6 update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9. The vulnerability, as reported in the summary CVE-2007-2175, allows attackers to entice users to a Web site with a maliciously coded Java applet and then run attack code on a compromised machine. The update places further parameter limitations on QTPointerRef objects in Apple Quicktime Java extensions within the Safari and Firefox browsers, denying these types of attacks. Apple credits security researcher Dino Dai Zovi, working with TippingPoint and the Zero Day Initiative, for his help in resolving this issue.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
