Apple closes seven critical vulnerabilities in QuickTime
Apple has released QuickTime 7.3, which remedies seven critical vulnerabilities that attackers could exploit to infect systems with contaminants. All users need to do is open specially crafted videos or images with a vulnerable version of QuickTime. According to Apple's security advisory, the vulnerabilities are partly caused by flaws in the handling of Sample Table Sample Descriptor Atoms (STSD) in videos, Panorama Sample Atoms in QuickTime Virtual-Reality videos (QTVR), Image Description Atoms, and Color Table Atoms in QuickTime videos. (The term "Atom" refers to a container of descriptions or data.) As a result, heap overflows can be provoked that allow malicious code to be injected into memory and executed with the user's rights.
Similar flaws are found in the functions that represent images in the PICT format. In addition, Apple has also remedied a flaw in QuickTime related to the handling of Java applets. Attackers were reportedly able to compromise systems when users merely visited a manipulated website. Just last April, Apple had to close a Java-related QuickTime hole. The update is available for Mac OS X v10.3.9, Mac OS X v10.4.9, Mac OS X v10.5, Windows Vista and Windows XP SP2.
- About the security content of QuickTime 7.3, Apple security advisory
- Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability, iDefense security advisory
- Apple QuickTime Color Table RGB Parsing Heap Corruption Vulnerability, ZDI security advisory
- Apple Quicktime PICT File PackBitsRgn Parsing Heap Corruption Vulnerability, ZDI security advisory
- Apple QuickTime PICT File Poly Opcodes Heap Corruption Vulnerability, ZDI security advisory
- Apple QuickTime Uncompressedfile Opcode Stack Overflow Vulnerability, ZDI security advisory