Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

QuickTime 7.1.5 Patches Panther, Tiger, XP, Vista Exploits

Apple has released an update to QuickTime for Mac OS X 10.3.9 and later, Windows XP, and Windows Vista. QuickTime 7.1.5 fixes numerous bugs, along with a flaw that could enable a maliciously crafted file to crash a program employing QuickTime or to allow arbitrary code execution - a phrase that often means there's a potential for an attacker to gain control of a computer or, at least, install malware.

Affected file types are broad: 3GP videos, MIDI files, native QuickTime movies, images in the venerable PICT file format, and QTIF files. Apple's notes indicate that a user need only open a maliciously crafted file, which means that Web sites could be used to launch attacks by embedding QuickTime documents in the right format.

There have been no reports of this flaw being exploited in the wild. A previous QuickTime flaw related to handling of JavaScript was exploited, notably on MySpace. Apple claims to have provided a temporary fix to MySpace, but it's unclear if that fix has made it into QuickTime 7.1.5.

 

Backblaze is unlimited, unthrottled backup for Macs at $5/month.
Web access to files means your data is always available. Restore
by Mail allows you to recover files via a hard drive or USB.
Start your 15-day trial today! <https://www.backblaze.com/tb>