QuickTime Update Plugs More Holes
Latest update addresses five issues and follows the spring 2008 update to plug 11 security holes.Apple has released a new version of QuickTime to fix five security issues that could allow hackers to take control of a system via malicious movie or image files. The QuickTime 7.5 update comes roughly two months after Apple released Version 7.45 to plug 11 security holes in the application. This time around, the update addresses a series of buffer overflows, URL-handling flaws and memory corruption issues affecting Mac OS X and Windows XP and Vista users.
Among the issues is QuickTime's handling of PixData structures that when processing a PICT image can cause a heap buffer overflow and lead to arbitrary code execution or cause the application to close unexpectedly. The flaw affects Windows Vista and XP Service Pack 2 users only, the company stated in its advisory.