Apple unveils QuickTime 7.4, fixes four flaws

Apple today released its latest QuickTime version to plug four vulnerabilities that, if exploited, could install malicious code on users' machines.

QuickTime 7.4 fixes three bugs related to a memory corruption problem in the way the popular media player handles certain files, according to an Apple advisory. The other flaw is a buffer overflow that may occur when processing compressed images.

Today's update does not appear to resolve another buffer overflow vulnerability reported Thursday by Italian researcher Luigi Auriemma, according to Maarten Van Horenbeeck, SANS Internet Storm Center handler. That bug is caused by an error when processing RTSP (real-time streaming protocol) response messages.

The vulnerability, ranked “highly critical” by Secunia, only affects QuickTime for Windows, Auriemma told this week.

Before today's release, Apple's most recent QuickTime update – version 7.3.1 – closed three holes, including another RTSP flaw that was being actively exploited.

QuickTime version 7.3 was released in November, with the lone update pushed out in December.
