No matter if it is a Mac or a PC with Windows

May 30, 2007 09:56 GMT

Apple's multimedia player, QuickTime, has a highly critical flaw that can allow an attacker to obtain private information about an affected computer. The vulnerability exists in versions prior to 7.1.6 and affects both Windows and Mac OS X systems. There is not much to do other than update the application to version 7.1.6, a recently released edition available on Apple's website. Apple also published a security advisory with more information about the flaw, saying that it could be exploited by tricking the user into visiting a malicious website. The page would contain a dangerous Java applet that tries to exploit the flaw.

"An implementation issue exists in QuickTime for Java, which may allow instantiation or manipulation of objects outside the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of Java applets," Apple stated in the security advisory.

Some time ago, QuickTime was repeatedly in the spotlight because the application was the subject of numerous security advisories. Every once in a while, security companies from all over the world discovered more or less critical vulnerabilities in QuickTime that could allow an attacker to exploit an affected system. As we expected, most of them were quickly patched by Apple, so there were only a few cases of successful exploitation.

This month was quite important for the evolution of threats because more and more applications are affected by vulnerabilities, no matter whether they are compression tools, audio players or antivirus products. All of them only make our computers more vulnerable, so it is very important to keep programs up to date and install the latest patches.