Apple QuickTime for Java contains a vulnerability that may allow a malicious Java applet to gain elevated privileges.
Apple QuickTime is a media player that includes a browser plugin. QuickTime for Java provides APIs which allow Java developers to include multimedia in Java applets.
From Apple Article ID: 306896 "About the security content of QuickTime 7.3":
A remote, unauthenticated attacker may be able to take any action that the user running QuickTime can.
Apple credits Adam Gowdiak for reporting this issue
This document was written by Ryan Giobbi.
|Date First Published:||2007-11-08|
|Date Last Updated:||2007-11-08 17:26 UTC|