Apple patched its QuickTime multimedia player on Wednesday, fixing 11 security flaws that could allow maliciously-created movie files to compromise Windows and Macs OS X systems.
The vulnerabilities fixed by the patch, which updates QuickTime to version 7.4.5, range from a privilege-escalation flaw in the way the multimedia player handles Java to remote security holes that could compromise a users' computer if a specially-crafted movie file is opened. While all 11 vulnerabilities affect QuickTime for Windows, only 8 of the security issues impact QuickTime for the Mac OS X, according to the company's advisory.
Apple has patched at least five other QuickTime flaws in 2008, including four in January and a single security hole in February. In March, the company fixed 108 flaws in its operating system, but most of the issues occurred in the open-source components of the Mac OS X. Online attackers are increasingly using the media files handled by QuickTime, Windows Media Player and Real Player to attempt to infect unwary users' systems.
Users of Mac OS X 10.3, 10.4, and 10.5 can update their QuickTime software using the operating system's "Software Update..." feature in the Apple menu. Windows users can download the update by opening QuickTime and using the "Update Existing Software..." feature available in the Help menu. Both platforms automated update capabilities will eventually download the security update.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos