|
|
|
Vulnerability Note VU#995836Apple QuickTime for Java security bypass vulnerabilityOverviewApple QuickTime for Java fails to properly restrict the instantiation and manipulation of Java objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionApple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This feature is known as QuickTime for Java. Apple QuickTime for Java fails to properly restrict the instantiation and manipulation of Java objects. This can allow an attacker to create a specially crafted Java applet that can bypass Java applet security restrictions. Once the security restrictions are bypassed, the malicious applet may be able to access and manipulate system resources.More information is available in About Security Update (QuickTime 7.1.6).
Apply an update, as specified in the Apple QuickTime 7.1.6 security update.
Referenceshttp://www.us-cert.gov/reading_room/securing_browser/#Safari This vulnerability was reported in About Security Update (QuickTime 7.1.6).
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||