The update addresses 11 vulnerabilities in the multimedia player software, nine of which could be exploited by an attacker to remotely execute code on a target system.
All the flaws affect Windows XP and Vista systems. Eight of the vulnerabilities also affect the Mac OS X version of QuickTime.
Five remote code execution flaws could be exploited by way of specially-crafted movie files.
Such files could also be used to execute another flaw which allows for the launching of external URLs, which Apple said could allow for information disclosure.
Three of the flaws could be exploited by way of Pict files and used by an attacker for remote code execution.
The remaining two flaws include a remote code execution flaw in the handling of QuickTime VR files and a flaw which could allow Java applets to obtain elevated privileges.
The QuickTime update can be obtained via Apple's Software Update utility or at the Apple Downloads site.
Apple fixes critical QuickTime flaws
By
Shaun Nichols
on Apr 4, 2008 6:50AM
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Ingram Micro Ushers in the Age of Ultra
Channel can help lead customers to boosting workplace wellbeing with professional headsets
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Tech For Good program gives purpose and strong business outcomes
Kaseya Dattocon APAC 2024 is Back
Sponsored Whitepapers
-1.jpg&w=100&c=1&s=0)
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
.png&w=100&c=1&s=0)
