QuickTime 7.6.4 fixes video, FlashPix exploits
updated 04:05 pm EDT, Wed September 9, 2009
For both Mac and Windows systems
In tandem with iTunes 9, Apple has released QuickTime 7.6.4, a minor update to its signature AV playback software. The patch primarily fixes problems with H.264 and/or MPEG-4 playback, which exposed systems to crashes or arbitrary code execution. H.264 vulnerabilities were connected to memory corruption and heap buffer overflows, while an MPEG-4 flaw involved conventional buffer overflows.
Also fixed is the handling of FlashPix files, which could similarly produce crashes and exploits. Versions of the update are available for Mac OS X 10.4.11, Mac OS X 10.5.8, and Windows Vista, 7 or XP SP3. The update is irrelevant for owners of Snow Leopard, who already have access to QuickTime X.



Grizzled Veteran
Joined: Oct 1999
correction
Because the feature sets of Quicktime 7.x and Quicktime X have diverged, Quicktime 7.x is still an optional install under Snow Leopard so it is not true to say that this update is of no relevance to Snow Leopard users. MacNN always succeeds in just snatching complete accuracy away from their stories! Sometimes it's better to quit while you're ahead!