|
More media flaws patched by QuickTime 7.5 |
|
|
by Stephen Withers
|
|
Wednesday, 11 June 2008 |
Malformed media files continue to be a popular way of subverting software. Apple's QuickTime 7.5 fixes another five
vulnerabilities uncovered by researchers.
Available for Mac OS X and Windows XP and Vista, QuickTime 7.5 addresses two heap buffer
overflows in the handling of malformed PICT files, a memory corruption issue associated with malformed AAC files, and
a stack buffer overflow triggered by malformed Indeo video files.
All four are said to be exploitable to cause unexpected application termination or arbitrary code execution.
Interestingly, the fix for the Indeo issue is that QuickTime 7.5 simply does not attempt to render Indeo content. That's not
as drastic as it seems, since to the best of my knowledge QuickTime on Mac OS X has never supported Indeo.
The fifth vulnerability allowed QuickTime files to open arbitrary applications or documents by specifying a file: URL.
QuickTime 7.5 changes this behaviour to merely showing the specified file in the Finder or Windows Explorer.
According to Apple officials, QuickTime 7.5 also improves compatibility with certain unspecified applications.
Separate versions of QuickTime 7.5 are available for Mac OS X 10.5 Leopard, 10.4 Tiger, 10.3 Panther, and Windows
XP and Vista. Download sizes range from 23 to 56M. They can be downloaded from Apple's web site, or via Software
Update (Mac) or Apple Software Update (Windows).
|
Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. 
Our Blogs 
Tags
