H-Security Online: Version 7.7 of QuickTime is now available for users running Windows XP SP2 or later and Mac OS X v10.5.8 Leopard. The maintenance and security update addresses a total of 14 security vulnerabilities in the multimedia application.
QuickTime 7.7 closes holes on both platforms that could be used by an attacker to, for example, crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a victim must first open a specially crafted file or a malicious web site. A cross-origin issue that may lead to the disclosure of video data from another web site has also been fixed. The company notes that, for Mac OS X 10.6 users, these holes have already been addressed in 10.6.8; the latest version of Mac OS X, 10.7 Lion, is not affected.
Further information about the security update, including a full list of vulnerabilities fixed, can be found in a post on Apple’s Security Announce mailing list. QuickTime 7.7 is available to download for Windows and Mac OS X Leopard. Mac OS X users can upgrade to the latest release using the built-in Software Update function; Windows users who have Software Update for Windows can update by selecting ‘Apple Software Update’ from the Start menu.
See also:
About the security content of QuickTime 7.7, security advisory from Apple.