Focus on Apple
Back to list
Apple releases QuickTime 7.2 with security updates
Jul 11 2007 10:52PM
Todd Woodward (todd_woodward symantec com)
Apple today posted security notice "APPLE-SA-2007-07-11 QuickTime 7.2" with the release of QuickTime 7.2 for the Windows- and Mac OS X-platforms.
As always, a direct link to the Apple Knowledge Base:
Here is a quick summary of the security updates. Please read Apple's KB document for more and accurate details:
* Memory corruption issues exist in QuickTime's handling of H.264 and other general movie files, which may lead to an unexpected application termination or arbitrary code execution.
* Two integer overflow vulnerabilities exist in QuickTime's handling of .m4v and SMIL files. By enticing a user to access a maliciously crafted .m4v or SMIL file, the issue which may lead to an unexpected application termination or arbitrary code execution.
* Four design issues QuickTime for Java were resolved. One may allow security checks to be disabled. Another may allow Java applets to bypass security checks in order to read and write process memory. Another, JDirect exposes interfaces that may allow loading arbitrary libraries and freeing arbitrary memory. And finally, a vulnerability that may allow a malicious website to capture a client's screen content.
Security Response Researcher
Todd D. Woodward
Technical Support Engineer
[ reply ]
Copyright 2010, SecurityFocus