toggle

AAPL Stock: 101.06 ( + 0.1 )

Printed from http://www.macnn.com

QuickTime 7.6 fixes 7 security issues

updated 02:30 pm EST, Wed January 21, 2009

QT 7.6 security fixes

Apple's QuickTime 7.6 update addresses seven security issues. The first issue involved accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of RTSP URLs. Accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution. Version 7.6 fixes the issue by performing additional validation of RTSP URLs.

The second resolved issue occurred when viewing a maliciously crafted QTVR movie file, which could cause an unexpected application termination or arbitrary code execution. A heap buffer overflow exists in QuickTime's handling of THKD atoms in QTVR (QuickTime Virtual Reality) movie files. The update fixes the issue by improving bounds checking. The third issue occurred when viewing a maliciously crafted AVI movie file, leading to an unexpected application termination or arbitrary code execution. Again, a heap buffer overflow may occur while processing an AVI movie file. Once again, v7.6 fixes the issue through improved bounds checking.

The fourth and fifth issues are similar to the second and third risks, but involved MPEG-2 video files with MP3 audio content and H.263 encoded movie files. The same bounds checking improvement fixes the MPEG-2 issue, while additional validation of H.263 encoded movie files fixes the fifth issue.

Apple also resolved an issue with QuickTime's handling of Cinepak encoded movie files, which can cause a heap buffer overflow. Viewing a maliciously crafted movie file can lead to an unexpected application termination or arbitrary code execution. QuickTime 7.6 fixes the issue by performing additional validations of movie files. The last issue involves a heap buffer overflow in QuickTime's handling of jpeg atoms in QuickTime movie files, leading to application termination or arbitrary code execution. Improved bounds checking is once again the fix.

The update also features reliability and compatibility improvements. It is recommended for all QuickTime 7 users. The 75.1MB download (via software download) will work with Mac OS X 10.4.9 and higher and Windows Vista, XP SP2 and SP3.

Apple also said that the update improves single-pass H.264 encoding quality, increases playback reliability on Motion JPEG media, has better AAC encoding fidelity and exports more consistently when pulling audio tracks from MPEG video files. Version 7.6 also increases compatibility with iChat and Photo Booth.

Update: QuickTime MPEG-2 Playback Component for Windows has also been updated to add additional validation of MPEG-2 files as a security measure.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

MacNN Sponsor

Recent Reviews

Patriot Supersonic Rage XT 128GB USB drive

USB thumb drives are getting larger by the day, their growth speeding along with the availability and expansion of memory chips. But h ...

Autodesk Smoke 2015

Since May of this year, Autodesk has been shipping the highly anticipated update to its high-end post-production video editing suite, ...

Crucial MX100 256GB SATA-3 SSD

While the price-per-gigabyte ratio for magnetic platter-based hard drives can't be beat, the speed that a SSD brings to the table for ...

toggle

Most Commented