QuickTime 7.1.6 released: Resolves CanSecWest Java flaw

QuickTime 7.1.6 released: Resolves CanSecWest Java flaw

Apple has released QuickTime 7.1.6, quickly patching a previously reported serious flaw that affects the handling of Java applets in Mac OS X Web browsers.

The company's description of the patched flaw is as follows:

"An implementation issue exists in QuickTime for Java, which may allow reading or writing out of the bounds of the allocated heap. By enticing a user to visit a web page containing a maliciously-crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional bounds checking when creating QTPointerRef objects. Credit to Dino Dai Zovi working with TippingPoint and the Zero Day Initiative for reporting this issue."

QuickTime 7.1.6 is available through Software Update, or as a 43.6 MB standalone download.

For information on how to safely apply this update, see our recently published guide "Applying system updates: A minimalist approach."

Problems after applying this update? Please let us know.

  • serious flaw
  • 43.6 MB standalone downloa...
  • "Applying system updates: A minimalist approach."
  • let us know
  • More from Late-Breakers
  • Featured Video

    Common battery myths that need to die

    Sharon Profis busts a few overplayed battery myths on "You're Doing it All Wrong."

    by Sharon Profis