The Inquirer-Home

Apple patches 17 security vulnerabilities in Quicktime for Windows

Fixes a remote code execution flaw
Wed May 16 2012, 12:30
Quicktime on Mac

SOFTWARE DESIGNER Apple has patched 17 security vulnerabilities in an update for the Windows version of its Quicktime media player.

The QuickTime 7.7.2 update fixes flaws in versions for Windows 7, Windows Vista and Windows XP SP2 or later, one of which is a major bug that could allow an attacker to remotely execute code on a target system.

Other vulnerable Quicktime components addressed are tools that handle movie files, MP4 content and web pages.

The flaws addressed could be activated by attackers tricking users into viewing a malicious media file that uses overly large values in the PCT image format. They can then take total control of a machine running Windows through this vulnerability.

Rodrigo Branco, director of vulnerability and malware research at security firm Qualys said that all Quicktime users, consumers and businesses running Windows systems "should download the security update as soon as possible since simply browsing to a malicious web page on any web browser can activate this vulnerability".

Apple cited HP's Tippingpoint security initiative for the research in finding the bugs associated with the program, discovering 14 of the 17 patched security issues.

Users running the OS X version of Quicktime on their shiny Macs are not to worry, as many of the listed vulnerabilities are not applicable to OS X and those that were have already been addressed in Apple's recent OS X Lion 10.7.3 release and OS X 10.6 security update. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?