Apple recently released version 7.7.2 of QuickTime for Windows PCs, patching 17 vulnerabilities.
"The QuickTime 7.7.2 update fixes flaws in versions for Windows 7, Windows Vista and Windows XP SP2 or later, one of which is a major bug that could allow an attacker to remotely execute code on a target system," writes The Inquirer's Lee Bell. "Other vulnerable QuickTime components addressed are tools that handle movie files, MP4 content and web pages."
"The vulnerabilities in the QuickTime software that called for this update were ones in which a maliciously crafted QuickTime file could take control of a machine, in ways similar to exploits for other software packages like Java, Flash, Word, and Adobe Reader," writes CNET News' Topher Kessler. "The malicious file would cause a buffer overflow or other memory corruption that would return a corrupted memory pointer, which could then execute code stored at that memory address."
"Most of the issues were reported through HP's Zero Day Initiative, which provides security researchers with a legitimate way of making some money from their findings," writes iTWire's Stephen Withers. "In return for paying for the bugs (which it promptly reports to the vendor concerned), HP is able to add protective measures to its security products ahead of fixes being delivered by the vendor."
"The QuickTime patch is the third update pushed out by Apple in the last week," notes Threatpost's Christopher Brook. "Yesterday the company issued a patch to protect Leopard users from the Flashback Trojan, while last week, they released updates for OS X Lion and Safari to block out-of-date versions of Flash."