Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Apple

Apple

Apple Rolls Out The Security Updates

QuickTime Java Exploit plugged in record time...

By Victor Mihailescu, Apple News Editor

2nd of May 2007, 12:07 GMT

Adjust text size:



Enlarge picture
Despite many people saying that Apple doesn't take security as seriously as it should, Apple continues to deliver security updates in a very timely manner, closing up holes before exploits
for them can be found out in the wild. On Tuesday, Apple released Security Update 2007-004 v1.1, AirPort Extreme Update 2007-003 and a QuickTime 7.1.6 update.

All three updates fix issues and improve the security of various system components, and are recommended for all users.

Of particular interest is the QuickTime update, that fixes the much talked about exploit used in the "PWN to OWN" competition. The issue, that was initially reported as browser-related was later revealed to be in the way that QuickTime interacts with Java, and thus being both browser and platform independent.

According to the update notes:

An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue.


The QuickTime update is available for both Mac OS X and Windows, while the other two are for OS X only. Many security experts have accused Apple of being slow to react to vulnerabilities and close holes in their software, but the speed with which Apple issued this update speaks for itself, especially considering that they have updates both for OS X and Windows.

Despite the vulnerability being potentially serious, there was no exploit in the wild for it, and now it has been patched. Users who disabled Java to avoid any possible issues can turn it safely back on after updating.

TAGS:

 Apple | QuickTime | Security


Rating:
Good (3.2/5) 7 vote(s) so far    

Read by 841 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Apple Releases Security Update 2007-004

CanSecWest Adds $10,000 to 'Hack a Mac' Contest Pot

Latest Mac Security Calamity

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

You are not logged on. Please provide your name and email address.
Log on to get your comments posted and visible instantly.
Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive