Strategy, Vulnerability management

Apple pushes new QuickTime version for Windows

August 13, 2010
Apple on Thursday issued a new version of its QuickTime video player for Windows to address a "critical" vulnerability that could allow cybercriminals to execute arbitrary code on an affected system.

QuickTime 7.6.7 resolves a stack buffer overflow vulnerability in QuickTime's error logging process, according to Apple's advisory. Because of the flaw, viewing a maliciously crafted movie file could lead to unexpected application termination or arbitrary code execution.

The flaw impacts Windows 7, Vista, and XP SP 2 and 3, according to Apple. The issue does not affect Mac OS X systems. 

Meanwhile, researchers earlier this month discovered two movie files on file-sharing networks that were taking advantage of QuickTime Player to download malware from malicious websites.

But the attack, which used .MOV files that masqueraded as the new Angelina Jolie film Salt, did not take advantage of a flaw but instead relied on social engineering to trick users into downloading the malware, Apple has said.

This has been a busy week for Apple. The company on Wednesday issued updates for its iOS mobile operating system to fix a vulnerability widely being used to jailbreak the latest iPhone. The updated operating system versions are iOS 4.0.2 for iPhone and iPod Touch devices, and iOS 3.2.2 for iPad devices.

prestitial ad