Apple fixes security issues with QuickTime 7.5

By Elinor Mills on 12 June 2008

Tags: aac | apple | fix | mac | quicktime | security | software | video | 7.5 | issue

Apple released QuickTime 7.5 late on Monday, fixing a handful of security issues, including holes that would have allowed someone to run malicious code on a computer and remotely control it.

One of the issues, which would have allowed a maliciously crafted PICT image file to run code, affected computers running Windows Vista and XP SP2.

Four other issues affected Vista and XP SP2, as well as Mac OS X 10.3.9, Mac OS X 10.4.9 through 10.4.11, and Mac OS X 10.5 or later. QuickTime 7.5 fixes a memory corruption issue in the software's handling of AAC-encoded media content; a heap buffer overflow related to PICT images; a stack buffer overflow related to the handling of Indeo video codec content; and a URL issue that was addressed by revealing files in Finder or Windows Explorer rather than launching them.

More information can be found on the Apple website.

Credit for reporting the different security issues was given to Dyon Balding of Secunia Research; Dave Soldera of NGS Software and Jens Alfke; Liam O Murchu of Symantec; an anonymous researcher working with TippingPoint's Zero Day Initiative; and Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, along with Petko D. Petkov of Gnucitizen working with TippingPoint's Zero Day Initiative.

Two months ago, Apple released QuickTime 7.4.5, which addressed a number of "highly critical" security flaws in the media player.

Like this article? Click below to send it to your mobile for free!

Be the first to comment on this article!

  • Leave a comment

All fields marked with * are required

What do you think

Your e-mail will not be displayed

You must read and type the 6 chars within 0..9 and A..F

You must read and type the 6 chars.


  • How Seven blew the internet Olympics

  • ABC's Web TV a hit

  • Free Speed: Make your Mac faster

  • Apple fixes security issues with QuickTime 7.5

  • Oi!: Brand Tags' clouds cut through marketing hype

  • Google offers YouTube video software for Macs

  • Adobe moves to broaden Flash reach

  • What's next for Flickr video?

  • Videophlow tries to enliven YouTube

More articles »

Find the right software

Brand

    • Multiple options can be selected

    The Explain Series

    Telstra Explains ADSL2+

    • Roxio Easy Media Creator 10

      Roxio Easy Media Creator 10

      There's not much you can't do with Roxio's Easy Media Creator 10 Suite, although we'd dearly like to see more of the applications play nicely with each other.

    • Dazzle DVD Recorder DVC 100

      Dazzle DVD Recorder DVC 100

      Got old home movies gathering dust and mould? The DVC-100 offers a stress-free way to archive them to DVD for posterity, although critically it doesn't really do much more than that.

    • Pinnacle Studio 11

      Pinnacle Studio 11

      Pinnacle's Studio Ultimate offers a nice bridging gap product for those with low or high end video shooting equipment but little knowledge in video editing. Its Activation process is a royal pain, and set-up is likewise fiddly, but it ranks amongst the best in its class for ease-of-use video editing.

    • Apple iLife '08

      Apple iLife '08

      Apple iLife '08 is a fine, affordable media-editing suite that should keep beginners and hobbyists happy when managing pictures, videos, songs and podcasts, but those seeking to fine-tune movies should look elsewhere.

    • Apple Final Cut Studio 2

      Apple Final Cut Studio 2

      Final Cut Studio 2 is a solid value and worthy upgrade for serious film editors who work on Macs. However, hobbyists should consider simpler software.

    More reviews »

    Membership benefits

    Manage and receive subscriptions

    Manage and receive subscriptions

    Choose to receive an e-mail update containing our best articles either daily, weekly or monthly. Sign up for a free CNET.com.au membership now!