Apple Patches QuickTime Yet Again
35 Comments
For the third time this year, Apple has released a security update for its QuickTime media player, which corrects a flaw that could lead to code execution. The vulnerability was discovered as part of a "Hack a Mac" contest at the CanSecWest security conference earlier this month.
According to Apple, a problem exists in QuickTime for Java that allows reading or writing out of the bounds of the allocated heap. As a result, a malicious Java applet on a Web site could result in a full system compromise. QuickTime 7.1.6 resolves the issue, and is available for both Windows and Mac OS X.