Apple's QuickTime update patches security flaws on Mac, Windows

Stephen Withers
Thursday, 12 July 2007 03:11

Business IT - Technology

An update to Apple's QuickTime software overcomes critical security vulnerabilities affecting the Mac OS X and Windows versions, fixes "numerous" bugs, and updates the H.264 codec. The security issues repaired by QuickTime 7.2 previously allowed maliciously crafted H.264, movie, .m4v and SMIL files to execute arbitrary code or to cause applications to crash.

The update also addresses multiple problems in QuickTime for Java that could allow maliciously crafted Java applets to trigger arbitrary code execution or to capture the contents of the screen, possibly leading to the disclosure of sensitive information.

QuickTime 7.2 also supports full screen playback, a feature restricted in recent versions of the software to purchasers of a QuickTime Pro licence key. Since full screen mode was accessible with a three-line AppleScript, restoring this functionality makes good sense.

QuickTime 7.2 is available from Apple's web site for Mac OS X and Windows. It can also be installed by using the Software Update (Mac) or Apple Software Update (Windows) utilities.