Headline Feeds
Free WiFi Hotspot Locator from TechNewsWorldApple (Nasdaq: AAPL) 
released patches for two flaws, one considered a serious hole, in its QuickTime media player -- just one week after releasing a bug catcher for the Mac OS X operating system.
The security 
fix to QuickTime 7.1.6 addresses two issues in the way QuickTime works on the Java platform.
The more serious problem could allow hackers to take control of an unpatched computer from a remote location. "By enticing a user to visit a Web page containing a maliciously crafted Java applet, an attacker can trigger the issue, which may lead to arbitrary code execution," Apple said in a security alert.
Other Problems
The second bug is considered to be less critical, yet somewhat dangerous, as it could allow an attacker to see sensitive information contained in the Web browser's memory. In that case, Java may allow malicious Web sites to trigger arbitrary code execution.
The update addresses the issue by performing additional validation of Java applets, the company said. The latest QuickTime update is available for both Mac OS and Windows users.
An unpatched flaw could cause plenty of problems for users unaware of the holes, according to Zippy Aima, a research analyst with Frost & Sullivan .
"Apple has always been pretty responsive to security threats, but users caught not paying attaching to the patches could find some trouble," Aima told MacNewsWorld.
Patching All Versions of QuickTime
The patches apply to the Mac OS X and Windows versions of QuickTime, and they can be downloaded from the company's site manually, according to Apple. Mac users can also retrieve them with the operating system's software update feature or use the optional Apple Software Update utility on Windows.
Earlier this month, security outfit Secunia said one in three installed copies of QuickTime were not fully patched, making it three times more likely to pose a threat than Internet Explorer and six times more likely than Firefox.
In an alert of its own, Symantec (Nasdaq: SYMC) pointed out that the new vulnerabilities were especially appealing to attackers because they affect both Macs and Windows-based PCs.
Keeping Guard
Apple's security team has been busy lately, as the company last week released Security Updates 2007-005 for its Mac OS X Tiger and Mac OS X Panther operating systems.
The Mac OS X patches fixed 17 flaws, several of which were considered to be critical.
Apple's automatic software updates for Windows and Mac OSes can deliver the updates to computers or can be downloaded manually.
Talkback: 
