QuickTime

The H-Online: Version 7.7.2 of QuickTime for Windows has been released to address a total of 17 security vulnerabilities in the media player. According to Apple, these include integer, stack and buffer overflows, as well as memory corruption issues, all of which could be could exploited by an attacker to crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a user must first open a malicious web site or a specially crafted file. ...

H-Security Online: Version 7.7 of QuickTime is now available for users running Windows XP SP2 or later and Mac OS X v10.5.8 Leopard. The maintenance and security update addresses a total of 14 security vulnerabilities in the multimedia application. QuickTime 7.7 closes holes on both platforms that could be used by an attacker to, for example, crash the application or execute arbitrary code on a victim’s system. For an attack to be successful, a victim must first open a specially crafted file or a malicious web site. A cross-origin issue that may lead to the disclosure of video data from another web site has also been fixed. The company notes that, for Mac OS X 10.6 users, these holes have already been addressed in 10.6.8; the latest version of Mac OS X, 10.7 Lion, is not affected. ...

This week Apple announced the availability of QuickTime 7.6.9 for OS X 10.5 and Windows platforms. This release fixes 13 vulnerabilities in QuickTime for OS X Leopard and 15 vulnerabilities on the Windows platform. Keep in mind that if you use iTunes it requires that you install QuickTime as well, so be sure to check for updates. Apple has provided a direct download link for IT folks at http://www.apple.com/quicktime/download/. All 13 vulnerabilities for OS X can cause unexpected application termination (what you and I call a crash, but you can’t say crash on a Mac) or arbitrary code execution (make QuickTime run programs… BAD). ...