QuickTime 7.1.6 released: Resolves CanSecWest Java flaw

Apple has released QuickTime 7.1.6, quickly patching a previously reported serious flaw that affects the handling of Java applets in Mac OS X Web browsers.

The company's description of the patched flaw is as follows:

"An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue."

QuickTime 7.1.6 is available through Software Update, or as a 43.6 MB standalone download.

For information on how to safely apply this update, see our recently published guide "Applying system updates: A minimalist approach."

Problems after applying this update? Please let us know.
