QuickTime 7.1.6 released: Resolves CanSecWest Java flaw

Apple has released QuickTime 7.1.6, quickly patching a previously reported serious flaw that affects the handling of Java applets in Mac OS X Web browsers.

The company's description of the patched flaw is as follows:

"An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue."

QuickTime 7.1.6 is available through Software Update, or as a 43.6 MB standalone download.

For information on how to safely apply this update, see our recently published guide "Applying system updates: A minimalist approach."

Problems after applying this update? Please let us know.
