Apple patches QuickTime for Windows
Apple has released QuickTime 7.6.7 for Windows 7, Vista and XP to close a critical hole discovered about two weeks ago. The flaw is contained in the QuickTimeStreaming.qtx component; it is said to cause a buffer overflow when processing SMIL files whose URLs exceed the maximum length. This allows attackers to inject arbitrary code into a PC and execute it there. Users can potentially fall victim to the attack simply by visiting a specially crafted website.
According to Apple, Mac OS X is not affected by the problem. While the vendor is already offering the new Windows version 7.6.7 of QuickTime for download, users should avoid downloading the version that is bundled with iTunes, because that bundle still appears to contain the vulnerable QuickTime 7.6.6.
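Until every Windows client is on 7.6.7, SMIL files can be screened at a mail or web gateway for the overlong URLs described above. The following is an added example, not Apple's code and not part of the original report; the threshold `MAX_URL_LEN`, the function names and the sample documents are assumptions, since the report gives no numeric limit.

```python
import re

# Assumption: the report does not state the maximum URL length, so this
# threshold is a constructed value; tune it to the media your users play.
MAX_URL_LEN = 1024

# URL-bearing attributes in SMIL: src on media elements, href on links.
# A regex is used instead of an XML parser so that malformed files are still
# scanned; a value with no closing quote is measured up to the end of the file.
_URL_ATTR = re.compile(r"""\b(src|href)\s*=\s*(["'])(.*?)(?:\2|\Z)""",
                       re.IGNORECASE | re.DOTALL)


def find_overlong_urls(smil_text, limit=MAX_URL_LEN):
    """Return (attribute, length, offset) for each URL value longer than limit."""
    hits = []
    for m in _URL_ATTR.finditer(smil_text):
        url = m.group(3)
        if len(url) > limit:
            hits.append((m.group(1).lower(), len(url), m.start()))
    return hits


def is_suspicious(smil_text, limit=MAX_URL_LEN):
    """True if the document should be quarantined for manual review."""
    return bool(find_overlong_urls(smil_text, limit))


# Constructed sample documents (not taken from any real file).
BENIGN = '<smil><body><video src="rtsp://media.example/clip.mov"/></body></smil>'
OVERLONG = ('<smil><body><video src="rtsp://media.example/' + "A" * 4000 +
            '"/></body></smil>')
UNTERMINATED = "<smil><body><ref src='http://media.example/" + "B" * 2000

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("overlong", OVERLONG),
                      ("unterminated", UNTERMINATED)):
        print(name, find_overlong_urls(doc))
```

A hit is a reason to hold the file for review, not proof of an attack; legitimate streaming URLs with long query strings can exceed a low threshold.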