Apple updates QuickTime 7.2 with eight security fixes

Many of the patches address flaws within QuickTime for Java.

In addition to providing full-screen viewing and various iPhone options, the latest version of QuickTime 7.2 includes eight important security fixes. This update affects users of Mac OS X v10.3.9, Mac OS X v10.4.9, as well as users of Windows XP and Windows Vista. The QuickTime update is available from Apple's Software Download for both Mac OS X and Windows users.

QuickTime H.264 movie files
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2295. When viewing a maliciously crafted H.264 movie, an attack may produce an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com, and Matt Slot of Ambrosia Software, Inc. for reporting this issue.

QuickTime
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2392. When viewing a maliciously crafted movie file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits to Jonathan "Wolf" Rentzsch of Red Shed Software for reporting this issue.

QuickTime .m4v file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2296. When viewing a maliciously crafted .m4v file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com for reporting this issue.

QuickTime SMIL file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2394. When viewing a maliciously crafted SMIL file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits David Vaartjes of ITsec Security Services, working with the iDefense VCP, for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2397. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2393. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java JDirect
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2396. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2402. When visiting a malicious Web site, an attack may lead to arbitrary code execution.

About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Is your phone battery always at 4 percent?

    These battery packs will give your device the extra juice to power through all of those texts and phone calls.