Technology news and Jobs
Information Technology News
Apple plugs QuickTime RTSP hole
Information Technology News
Apple plugs QuickTime RTSP hole | Apple plugs QuickTime RTSP hole |
|
|
| by Stephen Withers | |
| Monday, 17 December 2007 | |
|
"This update addresses the issue by ensuring that the destination buffer is sized to contain the data," said Apple officials. The flaw had been exploited to attack Windows systems, though the vulnerability is also present in the Mac OS X version of QuickTime. The update also fixes a buffer overflow vulnerability in the handling of QTL files, and multiple vulnerabilities in the Flash handler. "With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe," Apple officials said. It would seem that either the Flash patch is a temporary measure while Apple develops real fixes for the issues raised by various security researchers, or the company has decided to drop the curtain on Flash support in QuickTime, leaving it to Adobe's software. Separate QuickTime updaters were released for Mac OS X 10.3 Panther, 10.4 Tiger and 10.5 Leopard, as well as one for Windows Vista and XP SP2. In related news, Apple also released Java Release 6 for Mac OS X 10.4. Security issues feature among the changes delivered by this update. One Mac-specific issue addressed is the way malicious applets could add or remove items from the user's keychain without prompting, but the update also includes version 1.5.0_13 of Java 2 SE 5.0 (as found in Mac OS X 10.5), which fixes multiple vulnerabilities. However, Apple's implementation of Java is still behind the curve. The current version of J2SE 5.0 is 1.5.0_14, which includes a long list of bug fixes for _13. The updates can be obtained via Software Update (Apple Software Update on Windows) or from Apple Downloads .
Get stories like this delivered daily - FREE - subscribe now
|
| < Next story in category | Previous story in the category > |
|---|
- 

Tags





