QuickTime 7.3.1 released: QTL, Flash security flaws fixed

Available for Leopard, Tiger and Panther.

CNET staff

Apple has released QuickTime 7.3.1 in the following flavors:

This release includes the following enhancements (from Apple's security bulletin):

  • "Viewing a maliciously crafted QTL file may lead to an unexpected application termination or arbitrary code execution. A heap buffer overflow exists in QuickTime's handling of QTL files. By enticing a user to view a maliciously crafted QTL file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
  • "Multiple vulnerabilities in QuickTime's Flash media handler. Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs for reporting this issue."

Problems after applying this update? Please let us know.
