Apple recently patched more critical security bugs in QuickTime. Currently, users tricked into visiting malicious web pages may have their privacy compromised or, worse, have arbitrary code executed on their computers. The fixes have been released for both Microsoft’s Windows operating systems and the Mac platform.
The more serious of the two involves QuickTime’s handling of Java, which might allow the exploitation of objects outside the bounds of the allocated heap. Apple said in its advisory:
By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution.
The second vulnerability also concerns how QuickTime works with Java, and can lead to a user’s web browser information being stolen, possibly putting sensitive information at risk. Apple credits John McDonald, Paul Griswold and Tom Cross of IBM Internet Security Systems X-Force and Dyon Balding of Secunia Research for reporting the vulnerabilities.

















