Apple issues a security update for Quicktime

QuickTimeSoftware Update

Apple released a security update for QuickTime 7.1.6, correcting a vulnerability used by a security researcher in April to win US$10,000 and a new MacBook at CanSecWest 2007.

This security update complements an bug patch for Quicktime 7.1.6 released on 1st May.

The vulnerability, as reported in the summary CVE-2007-2175, allows attackers to entice users to a Web site with a maliciously coded Java applet and then run attack code on a compromised machine.

Apple credits security researcher Dino Dai Zovi, working with TippingPoint and the Zero Day Initiative, for his help in resolving this issue.


Posted by Antony at May 29, 2007 11:54 PM

>> more MacCentre701 May 2007 reports.