Apple fixes QuickTime vulnerabilities, eases iTunes/Vista compatibility woes

Stephen Withers
Tuesday, 06 March 2007 05:29

Business IT - Technology

An update to Apple's QuickTime software patches a slew of vulnerabilities affecting Windows 2000, XP and Vista, as well as Mac OS X 10.3.9 and later. The problems it addresses are serious, as they provide opportunities for arbitrary code execution. The company has also delivered a new version of iTunes for Mac and Windows, improving Vista compatibility.

Several of the QuickTime vulnerabilities are triggered by maliciously crafted files of various kinds. The updated routines in QuickTime 7.5.1 provide additional checking of particular file types to avoid the chance of crashes or arbitrary code execution caused by the following conditions.

3GP: Windows only (integer overflow).

MIDI: Mac and Windows (heap buffer overflow.

MOV: Mac and Windows (heap buffer overflow and integer overflow}.

PICT: Mac and Windows (heap buffer overflow).

QTIF: Mac and Windows (heap buffer overflow and integer overflow).

Since most Mac applications would use QuickTime to handle these file types,  the update is especially important to Mac OS X users. While iTunes (see below) is the main QuickTime application for Windows, the update may be seen as less critical for users of Microsoft's operating systems. However, a number of multimedia titles are based on QuickTime, and it is possible for any of the common multimedia file types to be associated with QuickTime player - either by the user's deliberate action or at an application's behest.

QuickTime 7.1.5 also provides "numerous [unspecified] bug fixes" according to Apple.

Read on for information about the new iTunes, including Vista compatibility.