Apple updates QuickTime security; Samba still vulnerable

Stephen Withers
Wednesday, 30 May 2007 12:55

Your IT - Home IT

Apple has released security updates for QuickTime 7.1.6 for Mac OS X and Windows.

The updates fix a pair of flaws in QuickTime for Java which allowed malicious applets to cause arbitrary code execution or to capture potentially sensitive information stored in memory by the browser.

In related news, Symantec has alerted users of Mac OS X to a flaw in the version of Samba - used for sharing Mac OS X files with Windows computers - shipped by Apple.

"The DeepSight Threat Analyst Team successfully exploited the heap corruption vulnerability on a fully patched Mac OS X 10.4.9 system running the default Samba 3.0.10 application," the company has told customers.

Since Apple has not updated Samba for two years, Symantec recommends users download and install Samba 3.0.25 (or later) from www.samba.org, or at least disable Windows Sharing until Apple does issue an update.

Mac binaries are not available from the site, so it appears necessary to build the binary from the source files, a task many users would find daunting.