updated 04:05 pm EDT, Wed September 9, 2009
For both Mac and Windows systems
In tandem with iTunes 9, Apple has released QuickTime 7.6.4, a minor update to its signature AV playback software. The patch primarily fixes problems with H.264 and/or MPEG-4 playback, which exposed systems to crashes or arbitrary code execution. H.264 vulnerabilities were connected to memory corruption and heap buffer overflows, while an MPEG-4 flaw involved conventional buffer overflows.
Also fixed is the handling of FlashPix files, which could similarly produce crashes and exploits. Versions of the update are available for Mac OS X 10.4.11, Mac OS X 10.5.8, and Windows Vista, 7 or XP SP3. The update is irrelevant for owners of Snow Leopard, who already have access to QuickTime X.