QuickTime update patches 16 vulnerabilities
Apple has released version 7.6.6 of its QuickTime multimedia player. The update closes a total of 16 critical vulnerabilities, all of which could be used by an attacker to inject and execute arbitrary code with the users current privileges. According to Apple, for an attack to be successful a user need only open a manipulated image, audio or video file. It is also sufficient to visit a specially crafted web page.
All users are advised to update as soon as possible. QuickTime 7.6.6 is available to download for Windows XP SP2, Vista, Windows 7 and Mac OS X 10.5.8. The QuickTime vulnerabilities for Snow Leopard were already fixed in yesterdays 10.6.3 update for Mac OS X.
- About the security content of QuickTime 7.6.6, security advisory from Apple.
- Apple releases Mac OS X 10.6.3 update, a report from The H.