QuickTime 7.4 fixes three bugs related to a memory corruption problem in the way the popular media player handles certain files, according to an Apple advisory. The other flaw is a buffer overflow that may occur when processing compressed images.
Today's update does not appear to resolve another buffer overflow vulnerability reported Thursday by Italian researcher Luigi Auriemma, according to Maarten Van Horenbeeck, a SANS Internet Storm Center handler. That bug is caused by an error when processing RTSP (Real Time Streaming Protocol) response messages.
The vulnerability, ranked “highly critical” by Secunia, only affects QuickTime for Windows, Auriemma told SCMagazineUS.com this week.
Before today's release, Apple's most recent QuickTime update – version 7.3.1 – closed three holes, including another RTSP flaw that was being actively exploited.
QuickTime version 7.3 was released in November, with the lone update pushed out in December.