QuickTime 7.7.1 security update released
Apple has released version 7.7.1 of QuickTime for Windows. According to the company, the maintenance and security update addresses a total of 12 vulnerabilities in the media player.
QuickTime 7.7.1 closes several holes that could be exploited by an attacker to, for example, crash the application or execute arbitrary code on a victim's system. For an attack to be successful, a victim must first open a specially crafted file. An information disclosure bug and a cross-site scripting (XSS) issue have also been fixed.
Apple notes that, on Mac OS X, many of these holes have already been corrected in Mac OS X 10.7.2 Lion and in Security Update 2011-006 for Mac OS X 10.6.8 Snow Leopard systems. A majority of the vulnerabilities were discovered by members of TippingPoint's Zero Day Initiative (ZDI).
More details about the update can be found in Apple's security advisory. QuickTime 7.7.1 is available to download for Windows 7, Vista and XP SP2 or later from Apple's Support site. Alternatively, users who have Software Update for Windows installed can update by selecting 'Apple Software Update' from the Start menu.
- About the security content of QuickTime 7.7.1, security advisory from Apple.