In association with heise online

03 April 2008, 11:40

Apple closes 11 security holes in QuickTime

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Apple has released version 7.4.5 of QuickTime to fix a total of 11 security vulnerabilities. Attackers can use nine of them to inject Trojans by means of specially crafted media files.

The file formats PICT, QuickTime Animation, QuickTime VR, MOV and MPG are affected. When manipulated files are handled, various buffer overflows can occur, allowing any injected malicious code to be executed. Access privileges can also be escalated for Java applets in QuickTime for Java, and sensitive information can be transmitted to attackers when specially crafted movies are downloaded because the movies are able to open URLs automatically.

The current version 7.4.5 supports Windows XP and Vista, and the Mac OS X Leopard, Panther and Tiger versions can be downloaded from Apple's websites. The automatic software update function should also offer the latest version automatically. Users are advised to download and install the update as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit