Apple updates QuickTime 7.2 with eight security fixes

Many of the patches address flaws within QuickTime for Java.

In addition to providing full-screen viewing and various iPhone options, the latest version of QuickTime, 7.2, includes eight important security fixes. This update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9, as well as users of Windows XP and Windows Vista. The QuickTime update is available from Apple's Software Download for both Mac OS X and Windows users.

QuickTime H.264 movie files
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2295. When viewing a maliciously crafted H.264 movie, an attack may produce an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com, and Matt Slot of Ambrosia Software, Inc. for reporting this issue.

QuickTime
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2392. When viewing a maliciously crafted movie file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits Jonathan "Wolf" Rentzsch of Red Shed Software for reporting this issue.

QuickTime .m4v file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2296. When viewing a maliciously crafted .m4v file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com for reporting this issue.

QuickTime SMIL file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2394. When viewing a maliciously crafted SMIL file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits David Vaartjes of ITsec Security Services, working with the iDefense VCP, for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2397. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2393. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java JDirect
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2396. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2402. When visiting a malicious Web site, an attack may lead to arbitrary code execution.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     
