Apple QuickTime
Five QuickTime vulnerabilities could allow remote code execution

Apple issues QuickTime 7.5 update

Five security fixes for Mac and Windows versions

Written by Shaun Nichols in California

vnunet.com, 11 Jun 2008

Apple has issued an important security update for its QuickTime multimedia plug-in.

QuickTime 7.5 includes fixes for five flaws in the Windows XP and Vista versions of the tool, four of which also affect the Mac OS version.

All five vulnerabilities could allow an attacker to remotely execute malicious code on a user's system.

Among the vulnerabilities is a flaw in the PICT component within QuickTime. An attacker could use a specially-crafted image file to cause a memory overflow that would allow for remote code execution. The flaw does not affect Mac OS users.

Each of the four remaining vulnerabilities affect Mac and Windows versions. They include issues in the way QuickTime handles Indeo and AAC files, as well as a second vulnerability in the handling of PICT image files.

The fourth vulnerability concerns a flaw in the handling of URLs within QuickTime Player. An attacker could install and run malicious code when the user launches a specially-crafted QuickTime file.

Apple has fixed the vulnerability by forcing the files to be downloaded to Windows Explorer or the Mac OS desktop rather than automatically launched by QuickTime.

Users can obtain the update automatically through the Software Update component or manually through the Apple Downloads website.

reader comments

related articles

Apple iPhoneCommunications

Apple unveils iPhone 3G

Jobs does not disappoint at WWDC 10 Jun 2008

 
Communications

iPhone 3G is 'no market changer'

New features just keep up with the competition, says analyst 10 Jun 2008

Communications

O2 promises UK iPhone 3G on 11 July

Exclusive deals through O2 and Carphone Warehouse 10 Jun 2008

APPLE IPHONE 3G

10 Jun 2008

Apple fixes critical QuickTime flaws

XP, Vista and Mac OS X versions affected 03 Apr 2008

Apple releases seven QuickTime fixes

Vulnerabilities affect OS X and Windows versions 09 Nov 2007

Security

Apple slips security fixes into rollout

Updates for iTunes and QuickTime 10 Sep 2008

related whitepapers

today's top stories

The Big Picture

Learning from the credit crunch to avoid a broadband crunch

While it might be the most pressing issue de jour , the financial system isn’t the only area where government needs to... 10 Oct 2008

Management

How careerism can warp IT procurement

Many working in IT put their career interests before those of their employer when weighing up purchasing options 10 Oct 2008

Management

City in pressing need of skilled IT matchmakers

With the financial services sector plunging ever deeper into an M&A maelstrom, IT leaders are having their systems integration skills and due diligence expertise tested as never before 09 Oct 2008

Software

The definitive guide to software development

Five key trends and five best practice tips to help you improve your programming capabilities 09 Oct 2008

Management

Computing podcast - IT implications of the banking crisis, and the FSA clamps down on IT security

We discuss the effect of shotgun mergers and acquisitions on financial services IT staff, and examine the industry regulator's plan to fine directors for information security breaches 09 Oct 2008

> More news

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

Existing User

Newsletter user login:

Jobs

Related jobs

Job of the week

> More IT vacancies

Job alerts

  • Latest jobs to your inbox
Sign up here

Find your next job


IT Salary Checker

  • Are you being paid what you are worth?
Check salary here

Advertisement

White papers

Search white papers

Top categories

VPN, Extranet and Intranet Solutions

WAN/ LAN Solutions

Network Security

Interoperability-Connectivity

Grid/ Utility Computing

Latest poll

Would you apply for a job that was advertised on Facebook or a similar social networking site?

Would you apply for a job that was advertised on Facebook or a similar social networking site?

The government is using Facebook to recruit IT staff - would you apply to such an ad?

Previous poll results

> More polls

Latest audio and video articles

programming codeVideo

The definitive guide to software development

Five key trends and five best practice tips to help you improve your programming capabilities 09 Oct 2008

Podcast imageAudio

Computing podcast - IT implications of the banking crisis, and the FSA clamps down on IT security

We discuss the effect of shotgun mergers and acquisitions on financial services IT staff, and examine the industry regulator's plan to fine directors for information security breaches 09 Oct 2008

> More audio and video

Latest in-depth articles

Financial Services Authority buildingAnalysis

FSA threatens executives with fines

Senior management to be held accountable for security lapses at banks 09 Oct 2008

Comment

Broadband must be a spending priority

For the economic health of the nation, the government would do better to bankroll an optical fibre rollout rather than prop up profligate banks 09 Oct 2008

> More in depth articles

Advertisement

Primary Navigation