Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Apple > Software

June 2nd, 2009, 14:28 GMT · By

The Security Side of QuickTime 7.6.2

SHARE:

Adjust text size:


Apple Support document logo
Enlarge picture
Apple has disclosed that both iTunes 8.2 and QuickTime 7.6.2 have been suffering from a few security issues, with QuickTime alone being in need of some ten patches. Two of these ten security holes recently plugged by Apple have been confirmed as Windows-specific.

In a Support document detailing the security content of QuickTime 7.6.2, Apple reveals that as many as 8 issues plagued QuickTime versions for Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3.

Among those was security issue CVE-ID: CVE-2009-0957. Discovered by renowned hacker Charlie Miller of Independent Security Evaluators as well as Damian Put working with TippingPoint's Zero Day Initiative, the flaw triggers unexpected application termination or arbitrary code execution should the user view a maliciously crafted JP2 image.

Apple explains that “a heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking,” the company claims.

Issues CVE-ID: CVE-2009-0010 and CVE-ID: CVE-2009-0954, available for Windows Vista and XP SP3, have similar impacts only in different circumstances: by opening a maliciously crafted PICT image, and by opening a maliciously crafted movie file. The two vulnerabilities have been addressed in QuickTime 7.6.2 through additional validation of PICT images and, respectively, through improved bounds checking.

According to Apple, “QuickTime 7.6.2 includes changes that increase reliability, improve compatibility and enhance security.” The company touts this release as “recommended for all QuickTime 7 users.”

Upon releasing the update, Apple also posted a note to QuickTime 6 Pro users, revealing that QuickTime Pro functionality in prior versions of QuickTime (such as QuickTime 6) would be disabled following the installation of QuickTime 7 or later.

Download QuickTime 7.6.2 for Mac (Free)

Download QuickTime 7.6.2 for Windows (Free)

TELL US WHAT YOU THINK:

2,284 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


QuickTime 7.6.2 Available for Mac and Windows – Download Here
The Sims 3 Released for Mac OS X
Quick Tip: Finding an App's Original Icon Set in Mac OS X
Apple Proud for Topping Consumer Satisfaction Survey
iTunes 8.2 Supports iPhone OS 3.0, Fixes Tiger Flaw

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use