In addition to providing full-screen viewing and various iPhone options, QuickTime 7.2, the latest version, includes eight important security fixes. This update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9, as well as users of Windows XP and Windows Vista. The QuickTime update is available from Apple's Software Download for both Mac OS X and Windows users.
QuickTime H.264 movie files
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2295. Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com and Matt Slot of Ambrosia Software, Inc. for reporting this issue.
QuickTime
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2392. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. Apple credits Jonathan "Wolf" Rentzsch of Red Shed Software for reporting this issue.
QuickTime .m4v file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2296. Viewing a maliciously crafted .m4v file may lead to an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com for reporting this issue.
QuickTime SMIL file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2394. Viewing a maliciously crafted SMIL file may lead to an unexpected application termination or arbitrary code execution. Apple credits David Vaartjes of ITsec Security Services, working with the iDefense VCP, for reporting this issue.
QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2397. Visiting a malicious Web site may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.
QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2393. Visiting a malicious Web site may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.
QuickTime for Java JDirect
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2396. Visiting a malicious Web site may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.
QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and Windows XP SP2, and addresses the vulnerability identified as CVE-2007-2402. Visiting a malicious Web site may lead to arbitrary code execution.