Aug 4, 2011 06:57 GMT

Apple is addressing multiple security issues in its QuickTime media player for Mac and Windows via a new software update that brings the software to version 7.7 on both platforms.

Affecting Mac OS X v10.5.8 Leopard (Client and Server), Windows 7, Windows Vista, and Windows XP SP2 or later, QuickTime 7.7 improves security and is recommended for all users, according to a technical document on Apple’s Support site.

With the exception of one flaw, all of the issues addressed in this update affect every platform mentioned above.

The first vulnerability listed by Apple in a Support article talking about the security content of QuickTime 7.7 is related to a buffer overflow that exists in QuickTime's handling of “pict” files.

“Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution,” Apple explains. “For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.8. This issue does not affect OS X Lion systems,” adds Apple.

The rest of the bugs are similar, in that QuickTime becomes vulnerable when fed a maliciously crafted file or website.

As noted above, there’s one flaw that doesn’t apply to all platforms. Instead, it affects Windows PC users only, whether they have a Windows 7, Vista, or XP installation.

Because of a heap buffer overflow that exists in QuickTime's handling of GIF images, “viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution,” according to Apple’s advisory.

The Cupertino technology giant outlines that “This issue does not affect Mac OS X systems.”

The flaw was discovered by an anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure program, Apple says.

To read about the entire set of security patches (over a dozen of them) delivered in QuickTime 7.7 for Mac and Windows, see Apple's Support article on the security content of QuickTime 7.7.
