July 11, 2007 3:57 PM PDT

Apple updates QuickTime 7.2 with eight security fixes

by Robert Vamosi

In addition to providing full-screen viewing and various iPhone options, QuickTime 7.2, the latest version, includes eight important security fixes. This update affects users of Mac OS X v10.3.9 and Mac OS X v10.4.9, as well as users of Windows XP and Windows Vista. The QuickTime update is available from Apple's Software Download for both Mac OS X and Windows users.

QuickTime H.264 movie files
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2295. When viewing a maliciously crafted H.264 movie, an attack may produce an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com, and Matt Slot of Ambrosia Software, Inc. for reporting this issue.

QuickTime
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2392. When viewing a maliciously crafted movie file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits Jonathan "Wolf" Rentzsch of Red Shed Software for reporting this issue.

QuickTime .m4v file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2296. When viewing a maliciously crafted .m4v file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits Tom Ferris of Security-Protocols.com for reporting this issue.

QuickTime SMIL file
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2394. When viewing a maliciously crafted SMIL file, an attack may lead to an unexpected application termination or arbitrary code execution. Apple credits David Vaartjes of ITsec Security Services, working with the iDefense VCP, for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2397. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2393. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java JDirect
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2396. When visiting a malicious Web site, an attack may lead to arbitrary code execution. Apple credits Adam Gowdiak for reporting this issue.

QuickTime for Java
This patch affects users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, and XP SP2 and addresses the vulnerability in CVE-2007-2402. When visiting a malicious Web site, an attack may lead to arbitrary code execution.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
(6 Comments)
Apple better get their %#$%#! together...
by SecurityExpertMan July 11, 2007 7:28 PM PDT
It's been nothing but a security nightmare recently with their
software.

Apple is currently leading the pack in vulnerabilities, more than
Windows, Linux and Unix.

The only thing saving them, is their high price of hardware
required to get Mac OS X and their still low market share.

They would be dead meat if they had the market share of
Windows right now.

I'm typing this from my triple secured MacBook Pro.

BTW: EFI is a major security issue as well. Who the hell releases a
firmware level so powerful that it can contact the internet,
download and run code, read hard drives without even the OS
being loaded or running? Yea, better read up on this, Apple
doesn't give a rat's behind about security or privacy anymore.

I hope things change soon.
Troll alarm
by Lee in San Diego July 11, 2007 7:56 PM PDT
Troll alert
Wow the heck...
by FuturDreamz July 11, 2007 10:44 PM PDT
does it download code?
If you mean NetBoot, PCs BIOSs do that too, and the OS isn't
running then, either.
"their high price of hardware"
by the Otter July 12, 2007 5:24 AM PDT
LOL. My Dell-loving boss bought me a then-top-of-the-line Power
Mac G5 because a similarly configured Dell cost over $2,200 more.
The company still uses mostly Dells, but he's got three Macs at
home, now.
Quicktime Update
by bearleeonehere July 16, 2007 8:56 AM PDT
Did you know that if you have Quicktime Pro and you update, that you have to shell out $30 AGAIN to buy the Pro version AGAIN! Apple is turning into a "nickel and dime" company. I knew there was a reason I never switched to Apple from PC.
Updates that set us backwards
by steelgray August 10, 2007 10:57 PM PDT
Apple came out with an update for QuickTime. The new version is 7.2. I have QuickTime Pro and did the update. Well now the new QuickTime does not play mov files. The sound on the files works, but the video is frozen for most of the videos. Apple must know about the problem since on their site users have been chatting up a storm about the problem. It seems to be with XP and Vista.