QuickTime 6.5.1 fixes vulnerability

QuickTIme 6.5.1, released last week, fixes a security flaw originally discovered by eEye Digital Security where playing a problematic .mov file can cause QuickTime to quit.

Secunia.com reports "The QuickTime extension ("QuickTime.qts") is a component used by various applications to access QuickTime functionality. The vulnerability is reportedly caused due to an integer overflow within a routine used for copying Sample-to-Chunk table entries from the 'stsc' atom data in a QuickTime-format movie ('.mov') into an array.

"This can be exploited via a specially crafted movie to cause a heap overflow by specifying an overly long value in the 'number of entries' field.

"According to eEye Digital Security, successful exploitation allows execution of arbitrary code on a user's system. However, the vendor claims that exploitation only causes the application to terminate."

It should be noted that despite patching this vulnerability, installation of QuickTIme 6.5.1 causes some users inability to play purchased iTunes music store tracks in other applications.

If you've not yet updated to QuickTime 6.5.1, you can obtain the new release here: http://www.apple.com/quicktime/download/.

Resources