Apple closes security gaps for QuickTime, iPhone, iPod Touch
QuickTime updates for Windows, Mac users designed to prevent a system from being hijacked when malicious movie files are opened.
Apple released the first patches for 2008 to the QuickTime media player as well as the iPhone and iPod Touch on January 15.
Memory corruption issues in QuickTime's handling of Sorenson 3 video, Macintosh Resource Records, and Image Descriptor atoms are to blame for three of four noted security holes. The fix also closes a gap left when QuickTime processes compressed PICT graphics.
However, the updates do not address a vulnerability in QuickTime's streaming media protocol, publicized by Italian researcher Luigi Auriemma earlier this month.
The last fix to QuickTime was made December 13.
Apple's iPhone and iPod Touch updates are designed to bolster Passcode Lock and prevent unauthorized users from launching applications, as well as to keep owners from inadvertently leaking sensitive data via phishing Web sites accessed through Safari.
The version 1.1.3 fixes are available for download only through updates to iTunes, which should prompt users to accept the changes. Docking an iPhone or iPod Touch will also trigger the updates to be made.