Apple patches QuickTime
The vendor fixes two security vulnerabilities in Apple's QuickTime, which attackers can exploit to trigger malicious code on the computer with the use of crafted websites. The vulnerabilities affect QuickTime 7.1.6 for both Mac OS X as well as for Windows.
Once again the faults affect QuickTime for Java. This is similar to the vulnerability in QuickTime version 7.1.6, which was discovered during the Hack-a-Mac competition and which has been fixed. It potentially allows attackers to access out-of-bounds objects, to manipulate them or to even create their own objects. A second vulnerability can allow Java applets to read the browser's memory in order to gain possession of confidential data.
Apple is distributing the patch over the automatic software update. The vendor has also made the patch available for downloading.
- About Security Update (QuickTime 7.1.6), security report from Apple
- QuickTime update (1,4 MByte) for Mac OS X 10.3.9 and 10.4.9
- QuickTime update (1,1 MByte) for Windows