QuickTime 7.6 update brings security fixes
Apple has released QuickTime 7.6 for Mac OS X and Windows, which includes several enhancements and fixes seven critical security vulnerabilities. According to Apple, all of the vulnerabilities allowed system infiltration and the launch of code on the system using the privileges of the user currently logged in to the system. The problems were caused by errors in the processing of video files in different file formats and codecs. For an attack to be successful, a victim has to play a manipulated file that takes advantage of one of the vulnerabilities.
The update also brings improved stability and compatibility, with iChat and Photo Booth under Mac OS X. It also includes corrections to some audio and video codecs. The update size varies upon the operating system from 20MB to 72MB in size and is available to download now for Mac OS X v10.4.9 to v10.4.11, Mac OS X v10.5.x, Windows Vista, XP SP2 and SP3.
Apple also released a further updated for QuickTime under Windows to repair a security hole in the QuickTime MPEG-2 Playback Component. By default the component is not included as part of QuickTime and must be downloaded separately. The update is also available free of charge.
- About the security content of QuickTime 7.6, Details from Apple's Website
- About the security content of QuickTime MPEG-2 Playback Component, Details from Apple's Website
- About QuickTime 7.6, Details from Apple's Website