By Tim Gray MacNewsWorld Part of the ECT News Network
05/30/07 4:49 PM PT
Apple's new patch for its media player QuickTime prevents hackers from taking control of an unpatched computer from a remote location. Users caught without the security update could see trouble, according to Zippy Aima, research analyst with Frost & Sullivan. The patches apply to the Mac OS X and Windows versions of QuickTime.
Apple (Nasdaq: AAPL) released patches for two flaws, one considered a serious hole, in its QuickTime media player -- just one week after releasing a bug catcher for the Mac OS X operating system.
The security fix to QuickTime 7.1.6 addresses two issues in the way QuickTime works on the Java platform.
The more serious problem could allow hackers to take control of an unpatched computer from a remote location.
"By enticing a user to visit a Web page containing a maliciously crafted Java applet, an attacker can trigger the issue, which may lead to arbitrary code execution," Apple said in a security alert.
Other Problems
The second bug is considered to be less critical, yet somewhat dangerous, as it could allow an attacker to see sensitive information contained in the Web browser's memory. In that case, Java may allow malicious Web sites to trigger arbitrary code execution.
The update addresses the issue by performing additional validation of Java applets, the company said. The latest QuickTime update is available for both Mac OS and Windows users.
An unpatched flaw could cause plenty of problems for users unaware of the holes, according to Zippy Aima, a research analyst with Frost & Sullivan.
"Apple has always been pretty responsive to security threats, but users caught not paying attention to the patches could find some trouble," Aima told MacNewsWorld.
Patching All Versions of QuickTime
The patches apply to the Mac OS X and Windows versions of QuickTime, and they can be downloaded from the company's site manually, according to Apple. Mac users can also retrieve them with the operating system's software update feature, and Windows users can use the optional Apple Software Update utility.
Earlier this month, security outfit Secunia said one in three installed copies of QuickTime were not fully patched, making it three times more likely to pose a threat than Internet Explorer and six times more likely than Firefox.
In an alert of its own, Symantec (Nasdaq: SYMC) pointed out that the new vulnerabilities were especially appealing to attackers because they affect both Macs and Windows-based PCs.
Keeping Guard
Apple's security team has been busy lately, as the company last week released Security Updates 2007-005 for its Mac OS X Tiger and Mac OS X Panther operating systems.
The Mac OS X patches fixed 17 flaws, several of which were considered to be critical.
The updates can be delivered to computers by Apple's automatic software update tools for Windows and Mac OS, or they can be downloaded manually.