Apple closes 11 security holes in QuickTime

Apple has released version 7.4.5 of QuickTime to fix a total of 11 security vulnerabilities. Attackers can use nine of them to inject Trojans by means of specially crafted media files.

Advertisement

The file formats PICT, QuickTime Animation, QuickTime VR, MOV and MPG are affected. When manipulated files are handled, various buffer overflows can occur, allowing any injected malicious code to be executed. Access privileges can also be escalated for Java applets in QuickTime for Java, and sensitive information can be transmitted to attackers when specially crafted movies are downloaded because the movies are able to open URLs automatically.

The current version 7.4.5 supports Windows XP and Vista, and the Mac OS X Leopard, Panther and Tiger versions can be downloaded from Apple's websites. The automatic software update function should also offer the latest version automatically. Users are advised to download and install the update as soon as possible.

See also:

• About the security content of QuickTime 7.4.5, overview of the fixed flaws from Apple
• Download QuickTime 7.4.5 for Windows XP and Vista (22 MB)
• Download QuickTime 7.4.5 for Leopard (56 MB)
• Download QuickTime 7.4.5 for Panther (52 MB)
• Download QuickTime 7.4.5 for Tiger (53 MB)

(mba)