Apple issues a security update for QuickTime 7.1.6

Updates include both Windows and Mac versions of the popular media software.

Today, Apple released a security update for QuickTime 7.1.6, further closing a vulnerability first used by a security researcher in April to win $10,000 and a new MacBook in the "PWN 2 0WN" contest at CanSecWest 2007. This security update complements an earlier bug patch for QuickTime 7.1.6 released by Apple on May 1, 2007. The 1.1 Mb Windows QuickTime 7.1.6 update affects users of Windows 2000 SP4 and Windows XP SP2. The 1.4 Mb Mac QuickTime 7.1.6 update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9.

The vulnerability, reported as CVE-2007-2175, allows attackers who entice users to a Web site hosting a maliciously coded Java applet to run attack code on the compromised machine. The Apple security update places further parameter limitations on QTPointerRef objects in Apple QuickTime Java extensions within the Safari and Firefox browsers, blocking these types of attacks. Apple credits security researcher Dino Dai Zovi, working with TippingPoint and the Zero Day Initiative, for his help in resolving this issue.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

