Apple issues a security update for Quicktime 7.1.6

Updates include both Windows and Mac versions of the popular media software.

by Robert Vamosi May 29, 2007 1:51 PM PDT

Today, Apple released a security update for Quicktime 7.1.6, further removing a vulnerability first used by a security researcher in April to win $10,000 and a new Macbook in the "PWN 2 0WN" contest at CanSecWest 2007. This security update complements an earlier bug patch for Quicktime 7.1.6 released by Apple on May 1, 2007. The 1.1Mb Windows Quicktime 7.1.6 update affects users of Windows 2000 SP4, and Windows XP SP2. The 1.4 Mb Mac Quicktime 7.1.6 update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9.

The vulnerability, as reported in CVE-2007-2175, allows attackers to entice users to a Web site with a maliciously coded Java applet and then run attack code on a compromised machine. The Apple security update places further parameter limitations on QTPointerRef objects in Apple Quicktime Java extensions within the Safari and Firefox browsers, denying these types of attacks. Apple credits security researcher Dino Dai Zovi, working with TippingPoint and the Zero Day Initiative, for his help in resolving this issue.

Don't Miss

How Facebook's Zucked-up IPO just killed the tech bubble
Internet & Media
Is NFC killing Google Wallet?
Mobile
Top-rated reviews of the week
Slideshow
iPad case with a secret identity
Review

CNET Conversations

Driving into the future at VW's Electronics Research Lab

CNET editor at large Brian Cooley goes behind the scenes with Peter Oel, director of Volkswagen Electronics Research Lab, to show you how Silicon Valley is changing the way we drive, from the latest in infotainment systems to new 3D technologies being used for design.

Play Video

Apple issues a security update for Quicktime 7.1.6

Don't Miss

Featured Posts

Most Popular

About News Blogs

RSS

my Yahoo

Google

MSN

CNET Mobile Apps