QuickTime 7.3 fixes critical security flaws
updated 04:30 pm EST, Mon November 5, 2007
Security fixes
QuickTime 7.3, released earlier today, introduces several major security enhancements, closing some serious holes in Apple's multimedia playback engine. The first involves a situation where viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This is because a memory corruption issue existed in QuickTime's handling of image description atoms. By enticing a user to open a maliciously crafted movie file, an attacker could cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of QuickTime image descriptions.
The second flaw is similar in impact, and deals with a heap buffer overflow that existed in QuickTime Player's handling of Sample Table Sample Descriptor (STSD) atoms. By enticing a user to open a maliciously crafted movie file, an attacker could cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of STSD atoms.
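The article does not say which STSD fields went unchecked. As an added illustration (not Apple's code and not taken from the update), the following C routine shows the kind of size validation a parser needs before it trusts an `stsd` atom, assuming the publicly documented layout: a 4-byte big-endian size, the 4-byte type, version/flags, an entry count, then entries that each begin with their own 4-byte size. The function name and sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a big-endian 32-bit value; caller guarantees 4 readable bytes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Validate one 'stsd' atom held in buf[0..len). Returns the number of
 * sample description entries, or -1 if any declared size or count is
 * inconsistent with the bytes actually present. */
int validate_stsd(const uint8_t *buf, size_t len) {
    /* size(4) + type(4) + version/flags(4) + entry count(4) = 16 bytes */
    if (buf == NULL || len < 16) return -1;
    uint32_t atom_size = be32(buf);
    if (memcmp(buf + 4, "stsd", 4) != 0) return -1;
    /* The declared size must cover the fixed fields and fit the buffer. */
    if (atom_size < 16 || atom_size > len) return -1;
    uint32_t count = be32(buf + 12);
    /* Every entry needs at least size(4)+format(4)+reserved(6)+index(2). */
    if (count > (atom_size - 16) / 16) return -1;
    size_t off = 16;
    for (uint32_t i = 0; i < count; i++) {
        size_t remaining = atom_size - off;
        if (remaining < 16) return -1;
        uint32_t entry_size = be32(buf + off);
        /* Reject an entry smaller than its own header or larger than
         * what the enclosing atom has left. */
        if (entry_size < 16 || entry_size > remaining) return -1;
        off += entry_size;
    }
    return (int)count;
}

/* Constructed sample: one well-formed 16-byte 'jpeg' entry. */
const uint8_t SAMPLE_OK[32] = {
    0,0,0,32, 's','t','s','d', 0,0,0,0, 0,0,0,1,
    0,0,0,16, 'j','p','e','g', 0,0,0,0, 0,0,0,1 };
/* Constructed sample: the entry claims 1024 bytes inside a 32-byte atom. */
const uint8_t SAMPLE_BAD[32] = {
    0,0,0,32, 's','t','s','d', 0,0,0,0, 0,0,0,1,
    0,0,4,0,  'j','p','e','g', 0,0,0,0, 0,0,0,1 };

int main(void) {
    printf("ok=%d bad=%d\n", validate_stsd(SAMPLE_OK, sizeof SAMPLE_OK),
           validate_stsd(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```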
There is a third arbitrary code execution flaw, where opening a maliciously crafted PICT image may lead to an unexpected application termination or malicious code execution. A stack buffer overflow exists in PICT image processing. By enticing a user to open a maliciously crafted image, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT files.
One more opportunity for arbitrary code execution existed, this one through viewing maliciously crafted QTVR movies. A heap buffer overflow exists in QuickTime's handling of panorama sample atoms in QTVR (QuickTime Virtual Reality) movie files. By enticing a user to view a maliciously crafted QTVR file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing bounds checking on panorama sample atoms.
Another flaw involves untrusted Java applets, which could obtain elevated privileges. Multiple vulnerabilities existed in QuickTime for Java, which could allow untrusted Java applets to obtain elevated privileges. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker could cause the disclosure of sensitive information and arbitrary code execution with elevated privileges. This update addresses the issues by making QuickTime for Java no longer accessible to untrusted Java applets.





