In association with heise online

12 July 2007, 11:29

QuickTime 7.2 closes security holes


Apple has released QuickTime 7.2 for Windows and Mac OS X. The new version fixes several security vulnerabilities which attackers could exploit using manipulated websites or specially crafted movie files to inject malicious code onto the computers of QuickTime users. Apple claims that it has also eliminated numerous non-security-related problems: now QuickTime Player also handles full screen mode.

In versions prior to QuickTime 7.2, specially crafted videos compressed with the H.264 codec could inject arbitrary program code. A similar vulnerability exists in the case of common movie formats. Manipulated mp4 containers can provoke an integer overflow, and SMIL files, as in the case of RealPlayer, can cause the computer to be compromised. In addition, Apple fixes several security vulnerabilities in QuickTime for Java, which attackers could exploit using websites with specially crafted Java applets, for example, to deactivate or bypass security checks, or to load an arbitrary library and deallocate arbitrary memory areas. One of the vulnerabilities enables websites to create screenshots and transmit them to the server.

QuickTime users should update their software to version 7.2 as soon as possible. Apple provides it free of charge on its download pages. The update should also be available via the integrated update function.
