Apple flaw count for 2007: 111 and counting

Summary: Apple has slapped another patch on its QuickTime media player to plug two serious security vulnerabilities.


Apple has slapped another patch on its QuickTime media player to plug two serious security vulnerabilities.

The QuickTime 7.1.6 update, available for both Mac and Windows users, addresses a pair of implementation flaws in QuickTime for Java, the architecture that provides APIs for developers to build multimedia into applications and applets.

The more serious of the two flaws could allow code injection attacks if a user is tricked into browsing to a malicious Web page.

The bug, reported by researchers from IBM ISS X-Force and Secunia, could allow instantiation or manipulation of objects outside the bounds of the allocated heap. "By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution," Apple said in an advisory.

The second flaw is a design issue in QuickTime for Java that could allow a Web browser's memory to be read by a Java applet.

"By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to the disclosure of sensitive information," Apple said.

The latest update brings the Apple patch count for 2007 up to 111.

Topics: Apple, Open Source


Talkback

172 comments
  • HAHAHAHAHA!!!

    Wow, you sure do get great security when you pay twice as much for a Mac!!

    OUCH!!!!

    Come on apologists, tell us all why this is no big deal!
    NonZealot
    • Easy

      Never had anti-virus. Never had anti-spyware. Never had an attack. Simple. Get a Mac, and don't worry. They find and fix any vulnerabilities before the bad guys.
      jorjitop
      • How do you know?

        [i]Never had anti-virus. Never had anti-spyware. Never had an attack.[/i]

        But if you've never had anti-virus or anti-spyware, how do you know you've never had an attack?

        [i]They find and fix any vulnerabilities before the bad guys.[/i]

        Not quite right. They find and fix any vulnerabilities before ZDNet reports that the bad guys have exploited those vulnerabilities. Who says that the bad guys will tell ZDNet before they release an exploit?

        [i]Get a Mac - Because patching 111 times before June is fun![/i]
        NonZealot
        • At least they're finding and fixing them

          It's at least a good start.
          Michael Kelly
          • so that's the mantra now

            They are finding and fixing it.
            Sure enough, the beat changes now, they are fixing it.
            Want the most secure, get Windows Vista. Want something just for show, get a Mac.
            code_Warrior
          • You sure about that?

            I think you have it bassackwards. ]:)
            Linux User 147560
          • really

            I think you need to check the latest Symantec report on the subject.
            crypt2121
          • Secure in what sense?

            Drivers, applications and games that aren't available or won't work with Vista? Does that make it the most secure experience ever?
            zkiwi
          • well

            since those same drivers, applications and games don't work with Linux or Apple either, I guess you are saying there are some vendors slow to get their wares ready.
            on the other hand, your lame attempt doesn't take away from the story here....an average bowling score's worth of flaws in less than 6 months for Apple. See, the more they try desperately to catch up to Vista, the more they get hurried by Jobs and create very unhealthy software. Boy, I bet you can hardly wait for Leopard, with all of the things they are trying to match Microsoft on that one, you surely can expect another bumper crop of flaws later this year from Apple.
            xuniL_z
          • RE: so thats the mantra now

            Yes, run right out and get Vista. But keep in mind I have
            already paid a visit to a spyware infected Vista
            installation that the guy had owned for less than a week.
            Sure makes me want to replace my mac with a PC
            running Vista.

            But to be fair, I also have a PC here that has not been
            infected with any malware. But then it is running BSD
            and not Vista.

            I have to say my Mac is for more than just show. I use it
            for all my video and audio needs. And when I made the
            transition to a Mac my productivity in both these tasks
            went up tremendously. So say what you want, but I for
            one have found that I get much more work done these
            days.

            And the Mantra stays the same. Most have never claimed
            that OS X is impervious to attack. Just that it is far less
            likely to be successfully attacked. And I do take comfort
            in the fact that Apple seems to be fairly good about
            getting patches out in a timely fashion. Not all the time.
            But in this regard they are a lot better at it than MS is.
            Protagonistic
          • Yes, for show

            So your productivity for videos and audio has gone up... I call that show.
            Granted: Macs are better in that field. But I'd like my computer to let me do all sorts of things, not just video and audio. Financial software, games, home entertainment integration?
            I'll stick with my PC.
            tikigawd
          • My thoughts

            I use Macs and PCs and have for about 30 years. I've always had up-to-date anti-virus on my PC but never any on my Mac. I've only ever had a virus (3) on my PC and I've only ever had malware/spyware (a lot more than 3) on my PC.

            I know the day will come on the Mac, but it hasn't yet.
            Now settle down. They are all only computers. Use the one you like.
            shane17
          • Tiki, Home Theater Integration?

            Microsoft may have invented the term for Windows MCE, but FrontRow and AppleTV are much more fluent in "Wow, I'm an idiot and I can figure this out on my first try" than any of the dozens of programs and devices meant to help with Windows.

            BTW, just to be fair, the XBox 360 does a better job with video, since it has a lot more high def available to it. Even then, it will forever be a video game system to me, and not a Media Hub like Microsoft wants me to believe it is.
            nix_hed
          • Vista is very secure

            I was byte-violated twice under XP with Norton and decided to upgrade to Vista.
            Well my son ended up getting some type of hacking on our Dell. It is so secure
            now that none of us can use it. My neighbor laughs at us because now we have to
            either re-install everything or take it into a technician to have whatever removed;
            his Mac has never been hit at least in the last 5 years.

            I am seriously considering a Mac!!!
            Jesster
          • Good for you.

            Btw, have you seen the Vista BSOD yet? I heard it's pretty...brings the WOW factor.
            nix_hed
        • C'mon, even a zealot...

          like yourself has to admit there hasn't been .ani OSX virus in the wild.
          msalzberg
          • As Wrong as could be.

            We had this argument here before, more than once. And anyone who says there has never been an OSX virus in the wild is wrong as wrong could be. The existence of OSX viruses can be easily established by going to any one of the major security organizations like Secunia and actually looking to see if they have ever reported an OSX virus in the wild, and the answer is clearly, and without any doubt yes.

            The only possible argument against this is to arbitrarily "create" your own independent definition of what a virus is, claim the industry standard for what a virus is, is incorrect and your definition is correct, and then show how the OSX viruses reported in the wild do not meet your definition of a virus. And of course, that's just being an ass. But a few Apple Jacks around here have actually floated that lame argument and expected it to fly.

            It does not fly, it's an argument without wings and it's just plain childish. OSX viruses have been reported in the wild, get used to it, it's a fact. Oh, just in case you're wondering, apparently Apple makes the argument that the industry standard for a virus is wrong and their definition is correct. And that makes them an ass. We don't allow MS to dictate what is and what is not a virus and we don't allow Apple to dictate what is and what is not a virus. If you believe them, fine. Believe the world is flat for all I care.
            Cayble
          • OK, so a zealot like [i]you[/i]...

            would say that.

            check this link:
            [u]http://www.eweek.com/article2/0,1895,2139856,00.asp[/u]
            msalzberg
          • You just don't get it.

            Who said Apples were less secure than a Windows platform???

            Read what I said very very carefully, get an ENGLISH translator if you can't read decently and find out I never said Apple was less secure. GET REAL. OSX has had viruses in the wild. Get used to it, it's a fact.

            If you were not sure an Apple apologist you would have got what I said; instead you just look for a way out, a way to make it sound like OSX and Apple computers don't get viruses. I agree, Apples are more secure than Windows. I have nothing against Apple products, in fact I think the quality is pretty damn great, but you pay more than I would for a custom built of superior quality and you can't play games and I haven't had a security problem since SP2 on XP and that's a few years ago so who cares. If security was a significant issue in even the slightest way I wouldn't even come close to purchasing an over priced Apple. I would just get a custom built PC of my exact specifications at about 65% the price of a similarly configured Apple and install Linux for free as the majority of the open source apps are great and the OS and related applications are free. Linux is the security solution, not OSX. Windows is the ease of use and compatibility solution, not OSX or Apple. A custom built PC is the cost effective solution, not Apple or OSX. It doesn't matter what kind of solution you think you need; Apple takes no better than second place every time. Oh! Wait! There is one I forgot!! Apple wins one!!

            Prestige! Apple are costly, unique, rare, and great quality so they sure scream prestige! But a quality custom builder who takes pride in their work will build and back a better box for less every time so in the real world Apple loses again.

            TOO BAD. Get used to it and stop whining. Enjoy your "Apple Guy" commercials because it's all you have.
            Cayble
          • What a terrible blog!

            From the link you posted:
            [i]I've used Macs since 1984, and I've been infected by some malware twice. Two times.[/i]

            He says this as if it is a good thing. I've been using PCs since 1986 (DOS, Windows, briefly Linux, lots more Windows, back to Linux again) and I've been infected by some malware... never. Ever. I guess this proves that the PC is infinitely more secure than the Mac?

            [i]However, by my reckoning of the installed bases for each platform, there should be many more exploits for the Mac. Depending on how you calculate the number - 2, 3, 5 or whatever percent - shouldn't there be that corresponding percentage of viruses on the Mac in these lists?[/i]

            Ah yes, I pretty much stopped reading after this. Only a [b]complete[/b] idiot brings up the linear marketshare-to-malware relationship through the 0,0 coordinate argument. Even someone with a bit of high school math understands that not all relationships are linear, nor do all of them go through the 0,0 coordinate. For anyone to use this argument shows complete ignorance and any other "conclusions" they put forth are immediately suspect. But, there is no shortage of Mac zealot idiocy as all of you seem keen to prove day after day.
            NonZealot