Quicktime 7.6 fixes security flaws

Malicious URLs and movie files

By Egan Orion

Thu Jan 22 2009, 10:23

JOBS' MOB released Quicktime 7.6 Wednesday to address seven security vulnerabilities in the fruit-themed toymaker's video player application.

Apple doesn't grade security flaws by severity or divulge whether actual exploits have been detected, but its impact descriptions for the security vulnerabilities all refer to "unexpected application termination or arbitrary code execution", suggesting that malicious input could crash Quicktime or potentially compromise the integrity of the user's PC operating system.

The security flaws resolved by the new release include vulnerabilities to maliciously-crafted RTSP URLs and QTVR, AVI, MPEG-2, H.263, Cinepak and Quicktime-encoded movie files.

Quicktime 7.6 is available for Mac OS/X Tiger and Leopard as well as the Vole's Windows XP and Vista. It can be installed via Software Update or from the Apple Downloads page.

Despite the fact that Mac OS/X is BSD Unix beneath Apple's proprietary eye-candy desktop GUI, Apple doesn't offer a Linux version of Quicktime. However, Mplayer for Linux handles Quicktime encoded files. Mplayer for Linux is not implicated by Apple's Quicktime video player security flaws. µ

L'Inq
Apple

Apple releases Mac OS X 10.7.3 A gigabyte of patches Thursday, 2 February 2012, 15:22 PM Read more	3M CP45 Camcorder Projector review Bold idea to merge the two features, but disappointing execution Wednesday, 23 November 2011, 16:02 PM Read more
Apple open sources its lossless audio codec And issues bug fixes for Quicktime Friday, 28 October 2011, 11:28 AM Read more	Newly patched Safari flaws pose serious risks A proof-of-concept remote code execution exploit is available Thursday, 13 October 2011, 11:26 AM Read more
Adobe patches critical vulnerabilities in Flash Player Attacks are already seen in the wild Thursday, 22 September 2011, 10:06 AM Read more	Apple security update combats the Macdefender fake anti-virus plague Malware definitions updated Wednesday, 1 June 2011, 12:33 PM Read more

< Previous article| Next article >

Comments

Look it up . . .

For an explanation of the relationship between Unix, Mac OS X, and Linux, look up "Unix-like" on Wikipedia.

http://en.wikipedia.org/wiki/Unix-like

And remember: GNU's Not Unix

posted by : Daryl Herbert, 23 April 2009 Complain about this comment

Where are the fanboi's saying Apple doesn't have bugs?

Is OS X just Linux with a pretty front end?

posted by : interested_party, 22 January 2009 Complain about this comment

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

Windows Lead Technician

Windows Lead Technician Th...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Quicktime 7.6 fixes security flaws

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review