Apple patches QuickTime for Macs, Windows

Apple Computer on Tuesday released an update to its QuickTime media player software that fixes seven security flaws, all of them serious.

The QuickTime vulnerabilities affect both Windows and Apple Mac OS X machines. Apple's update comes on the same day the company announced new digital music and video plans. Also, Microsoft on Tuesday released fixes for Office and Windows flaws.

The security flaws in QuickTime are all due to the application's failure to properly check and sanitize files in several formats: H.264, QuickTime, FLC, FlashPix and SGI. An attacker could craft a malicious file in any of those formats which, when opened, would fully compromise a vulnerable system or cause QuickTime to crash.

"A successful exploit may result in a remote compromise of the underlying computer," Symantec said in an alert sent to users of its DeepSight security intelligence service.

There are no known exploits for the flaws, Symantec said. This limits the threat. Apple regularly provides security updates for QuickTime, and often the flaws are in the handling of various file formats. Experts have said that cyberattackers are increasingly looking for flaws in applications.

Apple repaired the flaws in version 7.1.3 of QuickTime, which is available via the company's Software Update service and from the QuickTime Web site.

[techguy83]

glad to see Apple fixing this quickly

Seeing as this affected Windows or OSX boxes.

[Vegaman_Dan]

Response and Responsibility

I'm just glad they are acknowledging it instead of the way most security updates are handled by companies today- after the fact.

No product is perfect.

[Seaspray0]

When was this issue reported?

The article makes no mention of when Apple was made aware of this issue. The time between then and now will tell you how quickly Apple fixed the issue. Both Apple and Microsoft typically take between a few days to a few months to fix any particular issue (more severe issues tend to be fixed faster).