More Java Security Problems Found in QuickTime 7.1.6
This is the second time this month that Apple has fixed QuickTime holes.
Apple is recommending that all QuickTime users, both on Windows and Mac OS X, download its update for Version 7.1.6 to fix a pair of security glitches. The company posted the updates on May 29.
One of the first two problems, in QuickTime for Java, can lead users to having their systems hijacked if they visit a malicious site. The flaw can allow instantiation or manipulation of objects outside of the bounds of the allocated heap. If a user gets lured to a site containing a maliciously crafted Java applet, an attacker can trigger the vulnerability and take over the target system.
The second glitch also is related to QuickTime for Java in that a Web browser's memory can be read by a Java applet. Like the other problem, a user has to visit a site with a maliciously crafted Java applet. Upon luring a victim to such a site, an attacker can take advantage of the vulnerability and thereby may be able to read sensitive information off the victim's system.
Earlier in May, Apple patched the QuickTime hole that allowed hackers at the CanSecWest security show to take over a MacBook Pro in a Pwn-2-Own contest on April 20.