On Tuesday, Apple released a security update for its QuickTime media software. The patch, a 1.4 megabyte download, repairs two issues in which an outside user could both execute malicious code as well as access critical information on a Mac.
According to Macworld News, the outside code issue could have been triggered via a specifically-crafted Java applet, which could trigger arbitrary code. Apple has apparently added a supplemental validation process for Java applets to work against this.
A second exploit, which also used a hole in Apple’s then-current QuickTime for Java code, could allow a web browser’s memory (i.e., “history”) to be read by a Java applet. The fix clears the browser’s memory prior to allowing it to be accessed via Java applets.
For more information on Apple QuickTime 7.1.6 Security Update 1.0, click here.
The update can also be accessed via Mac OS X’s Software Update feature and requires Mac OS X 10.3.9 or later to run.
If you’ve downloaded the update and have positive or negative feedback either way, let us know.
On Tuesday, Apple released a security update for its QuickTime media software. The patch, a 1.4 megabyte download, repairs two issues in which an outside user could both execute malicious code as well as access critical information on a Mac.
According to Macworld News, the outside code issue could have been triggered via a specifically-crafted Java applet, which could trigger arbitrary code. Apple has apparently added a supplemental validation process for Java applets to work against this.
A second exploit, which also used a hole in Apple’s then-current QuickTime for Java code, could allow a web browser’s memory (i.e., “history”) to be read by a Java applet. The fix clears the browser’s memory prior to allowing it to be accessed via Java applets.
For more information on Apple QuickTime 7.1.6 Security Update 1.0, click here.
The update can also be accessed via Mac OS X’s Software Update feature and requires Mac OS X 10.3.9 or later to run.
If you’ve downloaded the update and have positive or negative feedback either way, let us know.