Apple plugs QuickTime RTSP hole

Apple has released a QuickTime update for Mac OS X and Windows that fixes the RTSP vulnerability that surfaced late last month.

A maliciously crafted RTSP movie could cause a buffer overflow, which could be used to either crash the application playing the movie or, more seriously, to execute arbitrary code contained within the stream.

"This update addresses the issue by ensuring that the destination buffer is sized to contain the data," said Apple officials.

The flaw had been exploited to attack Windows systems, though the vulnerability is also present in the Mac OS X version of QuickTime.

The update also fixes a buffer overflow vulnerability in the handling of QTL files, and multiple vulnerabilities in the Flash handler.

"With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe," Apple officials said.

It would seem that either the Flash patch is a temporary measure while Apple develops real fixes for the issues raised by various security researchers, or the company has decided to drop the curtain on Flash support in QuickTime, leaving it to Adobe's software.

Separate QuickTime updaters were released for Mac OS X 10.3 Panther, 10.4 Tiger and 10.5 Leopard, as well as one for Windows Vista and XP SP2.

In related news, Apple also released Java Release 6 for Mac OS X 10.4. Security issues feature among the changes delivered by this update.

One Mac-specific issue addressed is the way malicious applets could add or remove items from the user's keychain without prompting, but the update also includes version 1.5.0_13 of Java 2 SE 5.0 (as found in Mac OS X 10.5), which fixes multiple vulnerabilities.

However, Apple's implementation of Java is still behind the curve. The current version of J2SE 5.0 is 1.5.0_14, which includes a long list of bug fixes for _13.

The updates can be obtained via Software Update (Apple Software Update on Windows) or from Apple Downloads.