Apple fixes holes in QuickTime for Java

Apple last week patched two flaws in QuickTime for Java. The patches fix holes in both the Windows and Mac OS X operating systems.

Share

Apple last week patched two flaws in QuickTime for Java. The patches fix holes in both the Windows and Mac OS X operating systems.

One QuickTime for Java flaw could leave you open to a drive-by download just by visiting a malicious website and triggering a booby-trapped Java applet.

The other, less dangerous hole, could expose the contents of your browser's memory to a miscreant's view. Apple didn't give away lot of details about how these holes could be exploited.

Vulnerable versions are QuickTime 7.1.5 and older. The good news is that if you don't have Java installed, you can't be attacked. Alternatively, you could disable Java. But there's no need to if you get Apple's updated (patched) version 7.1.6.

"Recommended For You"

First QuickTime patch of 2008 Apple issues massive security patch