The H-Online: Version 7.7.2 of QuickTime for Windows has been released to address a total of 17 security vulnerabilities in the media player. According to Apple, these include integer, stack and buffer overflows, as well as memory corruption issues, all of which could be exploited by an attacker to crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a malicious web site or a specially crafted file.
The company notes that, on Mac OS X, many of the holes have already been fixed in Mac OS X 10.7.3 and 10.7.4 Lion, and in Security Updates 2012-001 and 2012-002 for Mac OS X 10.6.8 Snow Leopard systems. A majority of these vulnerabilities were discovered by members of TippingPoint’s Zero Day Initiative (ZDI).
Further information about the QuickTime update can be found in Apple’s security advisory. QuickTime 7.7.2 for Windows is available for Windows 7, Vista and XP SP2 or later from Apple’s Support Downloads site. Alternatively, those who have the Software Update for Windows tool installed can update by selecting “Apple Software Update” from the Start menu.