• On MovieTome: First Look: Jessica Alba in 'Machete'!
May 29, 2007 1:51 PM PDT

Apple issues a security update for Quicktime 7.1.6

by Robert Vamosi
  • Font size
  • Print
  • Post a comment

Today, Apple released a security update for Quicktime 7.1.6, further removing a vulnerability first used by a security researcher in April to win $10,000 and a new Macbook in the "PWN 2 0WN" contest at CanSecWest 2007. This security update complements an earlier bug patch for Quicktime 7.1.6 released by Apple on May 1, 2007. The 1.1Mb Windows Quicktime 7.1.6 update affects users of Windows 2000 SP4, and Windows XP SP2. The 1.4 Mb Mac Quicktime 7.1.6 update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9.

The vulnerability, as reported in CVE-2007-2175, allows attackers to entice users to a Web site with a maliciously coded Java applet and then run attack code on a compromised machine. The Apple security update places further parameter limitations on QTPointerRef objects in Apple Quicktime Java extensions within the Safari and Firefox browsers, denying these types of attacks. Apple credits security researcher Dino Dai Zovi, working with TippingPoint and the Zero Day Initiative, for his help in resolving this issue.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Topics:

Security,

Apple,

Media

Tags:

security,

apple,

quicktime

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Nvidia puts NForce chipset development on hold
Opera 10 browser is here
Neil Young Archives Blu-ray: Rip off?
Acronis revises survey results about backup habits
Acronis miscalculates data on users' bad backup habits
Flickr co-founder presses beta button
Comcast, Sony open retail store
Cox to try coaxing the Internet into submission
Related
Performance showdown: Windows 7 vs. Snow Leopard
Apple plugs holes for domain spoofing, other attacks
Free alternatives to Adobe Reader
Finding the catch in 'free' software
Apple releases OS X 10.6.2 and Security Update 2009-006
Firefox's crossroads: Cutting-edge or mainstream?
Update: Reports of Flash playback issues in new 27-inch iMacs surface
Mac Mini: Here To Serve
advertisement

As alternative energy grows, NIMBY greens

With more renewable energy projects trying to come online, the country grapples with the balance between local land use and a national push for clean energy.

Google to remake programming with Go

A Unix co-creator is among those behind a language Google hopes will speed computers and programming. Today, Go becomes open-source software.

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET