Apple QuickTime update for Windows only; Macs already secure
Apple's security and OS updates included the latest version of QuickTime, which Apple has just made available for Windows PCs.
Apple issued a QuickTime update today that addresses a number of security vulnerabilities in the media player and its Web plug-in. This update is only for Windows-based machines that have QuickTime installed, since Mac systems have had this update applied in recent security updates for OS X.
Apple's QuickTime media player and plug-in are used by about half of all Windows PCs and all of Apple's systems since OS X includes QuickTime as a core component of the OS. Because of its popularity, attackers may use vulnerabilities in it as a vector for compromising the system on which it is installed.
The vulnerabilities in the QuickTime software that called for this update were ones in which a maliciously crafted QuickTime file could take control of a machine, in ways similar to exploits for other software packages like Java, Flash, Word, and Adobe Reader. The malicious file would cause a buffer overflow or other memory corruption that would return a corrupted memory pointer, which could then execute code stored at that memory address. Apple has outlined the details of the issues in a recent knowledge-base article.
If you have QuickTime installed on your system, be sure to update it to the latest version using Apple's Software Update utility or by downloading the latest QuickTime installer from Apple's QuickTime Web site. Even if you do not use the QuickTime media player, by having QuickTime installed on your system other programs such as Web browsers may use the plug-in to play media content.
Mac users who have updated to the latest version of OS X Lion (version 10.7.4) or who have installed Security Update 2012-002 for Snow Leopard will have applied the latest version, but these users may have Windows installations either in Boot Camp or in virtual machines which may need to be updated.
As always, be sure to back up your system when applying this or any other update.