Softpedia
 


August 13th, 2010, 08:05 GMT · By

Apple Fixes Critical Remote Code Execution Bug in QuickTime



QuickTime 7.6.7 patches critical remote code execution vulnerability
Apple has released QuickTime 7.6.7 as a security update in order to address a highly critical remote code execution vulnerability disclosed at the end of last month.

"A stack buffer overflow exists in QuickTime's error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution," explains the company in the advisory accompanying the release.

The patched vulnerability, which is identified as CVE-2010-1799, was discovered and reported last month by a Polish security researcher named Krystian Kloskowski.

Reputed Danish vulnerability management vendor Secunia rates this vulnerability as highly critical, because it can be exploited remotely and can lead to full system compromise.

An attacker can trigger an exploitable stack-based buffer overflow in the QuickTimeStreaming.qtx component by tricking a user into visiting a malicious Web page, which attempts to load a malformed SMIL file.

The Synchronized Multimedia Integration Language (SMIL) is an XML-based markup language recommended by the W3C for authoring media presentations which combine audio, video, images, text and other types of media.

SMIL files can contain information about various aspects of a presentation, like structure, timing and synchronization, layout, transition effects or animation.

The vulnerability is caused by a memory boundary error which can be triggered by including an overly long URL in a SMIL document.
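The bug class described above, a string of untrusted length formatted into a fixed-size stack buffer while logging an error, is shown here as an added example beside a bounded version. This is not Apple's code: the function names, the 128-byte buffer size and the message format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define LOG_BUF_SIZE 128 /* assumed size; the article gives no real figure */

/* BEFORE (bug class only): sprintf() copies the whole URL, so any URL longer
 * than the buffer writes past it into the rest of the stack frame. */
void log_open_error_unsafe(const char *url)
{
    char line[LOG_BUF_SIZE];
    sprintf(line, "error: cannot open %s", url); /* no bound on url */
    fprintf(stderr, "%s\n", line);
}

/* AFTER: bounded formatting. Returns 0 if the message fit, 1 if it was
 * truncated, -1 on bad arguments. out is NUL-terminated on 0 and 1. */
int format_open_error(char *out, size_t out_size, const char *url)
{
    if (out == NULL || out_size == 0 || url == NULL)
        return -1;
    int n = snprintf(out, out_size, "error: cannot open %s", url);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n >= out_size) {
        if (out_size > 4) /* mark the cut so the log shows data was dropped */
            memcpy(out + out_size - 4, "...", 4);
        return 1;
    }
    return 0;
}

void log_open_error(const char *url)
{
    char line[LOG_BUF_SIZE];
    if (format_open_error(line, sizeof line, url) >= 0)
        fprintf(stderr, "%s\n", line);
}

int main(void)
{
    char long_url[4096]; /* constructed input: an overly long URL */
    memset(long_url, 'a', sizeof long_url - 1);
    long_url[sizeof long_url - 1] = '\0';
    log_open_error("http://example.invalid/clip.mov"); /* fits */
    log_open_error(long_url); /* truncated, no overflow */
    return 0;
}
```

The return value lets the caller treat a truncated message as a signal that the input was abnormally long, rather than silently logging a cut-off line.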

This has been a busy week for Apple, which also released iOS 4.0.2 Update for iPhone and iPod touch and iOS 3.2.2 Update for iPad in order to address high-risk vulnerabilities, which left devices exposed to drive-by downloads.

These kinds of attacks, which are also possible through the QuickTime vulnerability, occur transparently to users and result in malware being downloaded and executed on their computers when visiting a malicious or compromised website.

QuickTime 7.6.7 has only been released for Windows 7, Vista and XP SP2 or later and can be downloaded from here.

You can follow the editor on Twitter @lconstantin
