Focus on Apple
Apple releases QuickTime 7.2 with security updates Jul 11 2007 10:52PM
Todd Woodward (todd_woodward symantec com)
Apple today posted security notice "APPLE-SA-2007-07-11 QuickTime 7.2" with the release of QuickTime 7.2 for the Windows- and Mac OS X-platforms.

As always, a direct link to the Apple Knowledge Base:

http://docs.info.apple.com/article.html?artnum=305947

Here is a quick summary of the security updates. Please read Apple's KB document for more and accurate details:

* Memory corruption issues exist in QuickTime's handling of H.264 and other general movie files, which may lead to an unexpected application termination or arbitrary code execution.

* Two integer overflow vulnerabilities exist in QuickTime's handling of .m4v and SMIL files. By enticing a user to access a maliciously crafted .m4v or SMIL file, the issue which may lead to an unexpected application termination or arbitrary code execution.

* Four design issues QuickTime for Java were resolved. One may allow security checks to be disabled. Another may allow Java applets to bypass security checks in order to read and write process memory. Another, JDirect exposes interfaces that may allow loading arbitrary libraries and freeing arbitrary memory. And finally, a vulnerability that may allow a malicious website to capture a client's screen content.

###

Security Response Researcher
Focus-Apple Moderator
 
_______________________________________
Todd D. Woodward
Technical Support Engineer
NetBackup Support
Symantec Corporation
www.symantec.com
________________________________________
Office: 541-335-7441
________________________________________

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus