All the latest UK technology news, reviews and analysis

Apple issues QuickTime 7.5 update

by Shaun Nichols

More from this author

11 Jun 2008

Be the first to comment

  • Tweet this
Apple QuickTime
Five QuickTime vulnerabilities could allow remote code execution

Apple has issued an important security update for its QuickTime multimedia plug-in.

QuickTime 7.5 includes fixes for five flaws in the Windows XP and Vista versions of the tool, four of which also affect the Mac OS version.

Further reading

All five vulnerabilities could allow an attacker to remotely execute malicious code on a user's system.

Among the vulnerabilities is a flaw in the PICT component within QuickTime. An attacker could use a specially-crafted image file to cause a memory overflow that would allow for remote code execution. The flaw does not affect Mac OS users.

Each of the four remaining vulnerabilities affect Mac and Windows versions. They include issues in the way QuickTime handles Indeo and AAC files, as well as a second vulnerability in the handling of PICT image files.

The fourth vulnerability concerns a flaw in the handling of URLs within QuickTime Player. An attacker could install and run malicious code when the user launches a specially-crafted QuickTime file.

Apple has fixed the vulnerability by forcing the files to be downloaded to Windows Explorer or the Mac OS desktop rather than automatically launched by QuickTime.

Users can obtain the update automatically through the Software Update component or manually through the Apple Downloads website.

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Security

data-security-key

Thousands of public encryption keys found to offer no security

Related white papers

Related articles

Related jobs

Today's top stories

Web blocking. Content owners want to stop copyright infringement

Music file-sharing site taken offline by UK Serious Organised Crime Agency

Mozilla Firefox logo

Mozilla adds Android and security updates to Firefox roadmap

Acer Aspire S3 Ultrabook

Acer Aspire S3 ultrabook review

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

Software Development Manager

Software Development Manager - London, 12 Month Contract...

PROCUREMENT AND COMMERCIAL MANAGER

PROCUREMENT AND COMMERCIAL MANAGER BERKSHIRE...

Field Service Engineer Crawley

Hardware Engineer / Field Service Support Analyst £16...

Infrastructure / Implementation Support Windows

Infrastructure / Implementation Support Engineer (Windows...

To send to more than one email address, simply separate each address with a comma.