
Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.


QuickTime - Remote hacker automatic control data theft

Version: 7.1.5 and prior.
Technical Details:

A heap overflow affecting QuickTime for Java can lead to arbitrary code execution. The second issue is a memory leak in QuickTime for Java, which can allow a remote user to read arbitrary sections of the browser's memory (potentially disclosing sensitive data in the browser).


Apple have released an updated version of the QuickTime media codec to address two serious issues with QuickTime for Java support. In the worst case, the first vulnerability can allow a remote attacker to take control of a vulnerable system; the second can allow remote attackers to gain access to sensitive information.


Update to QuickTime 7.1.6 as soon as possible, either via the Product Updates link or via the Software Update application (Apple Menu -> Software Update).




External Tracking Data:

CVE-ID: CVE-2007-2388

CVE-ID: CVE-2007-2389
