In association with heise online

16 September 2010, 11:32

Apple closes back door in QuickTime 7


Apple has released QuickTime 7.6.8 for Windows to close two critical security vulnerabilities in its media player. One of the holes is the vulnerability in QuickTime's ActiveX plug-in discovered by security expert Ruben Santamarta at the end of August: an undocumented parameter allowed attackers to inject and execute malicious code.

The update also addresses the DLL vulnerability under Windows already disclosed four weeks ago. Apple said that the previous version of QuickTime's Picture Viewer retrieved DLLs from the current working directory. The update removes the working directory from the list of DLL search paths.
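The search-path change described above can be modeled as follows. This is an added example, not Apple's code and not part of the original article: a simplified model of the documented Windows search order for a DLL requested without a path, showing which names resolve from the working directory before and after that directory is removed from the list. All paths, file names and function names are constructed for illustration; KnownDLLs, manifests and DLL redirection are not modeled.

```python
# Simplified model of the documented Windows DLL search order for a desktop
# application. Every path and file name here is constructed sample data.
from pathlib import PureWindowsPath as P

SYSTEM_DIRS = [P(r"C:\Windows\System32"), P(r"C:\Windows\System"), P(r"C:\Windows")]

def search_order(app_dir, cwd, path_dirs, safe_mode=True, cwd_removed=False):
    """Return the directories searched for a DLL named without a path."""
    order = [P(app_dir)]
    if not cwd_removed and not safe_mode:
        order.append(P(cwd))      # legacy order: working dir right after app dir
    order += SYSTEM_DIRS
    if not cwd_removed and safe_mode:
        order.append(P(cwd))      # SafeDllSearchMode: working dir after system dirs
    order += [P(d) for d in path_dirs]
    return order

def resolve(dll, files, order):
    """Return the first existing candidate path, or None if the load fails."""
    present = {str(P(f)).lower() for f in files}
    for directory in order:
        candidate = directory / dll
        if str(candidate).lower() in present:
            return candidate
    return None

def loaded_from_cwd(dlls, files, app_dir, cwd, path_dirs, **mode):
    """List the DLL names that would be loaded from the working directory."""
    order = search_order(app_dir, cwd, path_dirs, **mode)
    return [n for n in dlls if (hit := resolve(n, files, order)) and hit.parent == P(cwd)]

# Constructed scenario: a viewer opens a file from a download folder that also
# contains DLLs. "optional.dll" is not installed anywhere else on the system.
APP = r"C:\Program Files\Viewer"
CWD = r"C:\Users\alice\Downloads\pictures"
PATH_DIRS = [r"C:\Tools"]
FILES = [
    r"C:\Program Files\Viewer\codec.dll",
    r"C:\Windows\System32\helper.dll",
    r"C:\Users\alice\Downloads\pictures\helper.dll",
    r"C:\Users\alice\Downloads\pictures\optional.dll",
]
DLLS = ["codec.dll", "helper.dll", "optional.dll"]

if __name__ == "__main__":
    for label, mode in [("safe search mode", {}), ("legacy order", {"safe_mode": False}),
                        ("working dir removed", {"cwd_removed": True})]:
        print(f"{label:20} -> from working dir: {loaded_from_cwd(DLLS, FILES, APP, CWD, PATH_DIRS, **mode)}")
```

With the working directory removed from the list, a DLL that exists only next to the opened file is no longer found at all, which is the behaviour the update is described as introducing.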

The update is about 33 MB in size. However, Apple continues to offer the vulnerable version 7.6.7 when bundled with iTunes 10, released in early September. All users are advised to upgrade.


(crve)

Permalink: http://h-online.com/-1080472
 

