“A heap buffer overflow exists in QuickTime's handling of FlashPix files,” the support document detailing the security content of the update continues.
This update addresses the issue through improved bounds checking.” Apple credits Alex Selivanov for reporting the issue. “Opening a maliciously crafted MPEG-4 video file may lead to an unexpected application termination or arbitrary code execution.
“A buffer overflow exists in QuickTime's handling of MPEG-4 video files,” the description of one of the vulnerabilities goes. The company behind the Mac operating system advises users to purchase a QuickTime 7 Pro registration code, if they are QuickTime 6 Pro users, and then proceed with this installation, in order to regain QuickTime Pro functionality.Īs for the security side of the update, Apple has patched three holes in the player, all affecting users of Mac OS X v10.4.11, Mac OS X v10.5.8, Windows 7, Vista and XP SP3.
On the Support section of its website, Apple reveals that installing QuickTime 7.6.4 will disable the QuickTime Pro functionality in prior versions of QuickTime, such as QuickTime 6. Recommended for all QuickTime 7 users, the new version also adds security fixes – three, to be precise, for Mac OS X v10.4.11, Mac OS X v10.5.8, Windows 7, Vista and XP SP3. QuickTime 7.6.4 includes changes that increase reliability, improve compatibility and enhance security, according to Apple.
