Running QuickTime may well involve more risk to users than just the risk of seeing bad video content. Apple has pushed out a security update for its QuickTime software, the second security update to the media playing software in just over a month.

QuickTime version 7.3 fixes at least 7 security issues that could have left users PC or Macs at the mercy of hackers.

Two of the fixes deal with separate flaws related to how QuickTime provides descriptions for images. CVE-2007-2395 describes a flaw whereby if a user simply viewed a QuickTime file with a corrupt image description it could trigger arbitrary code execution. Apple has now added new file validation checks to ensure that won't happen anymore. In another fix related to descriptions, the issue that Apple identified was a heap buffer overflow condition that also could have allowed for arbitrary code execution.

Java usage also presented a problem for QuickTime.

CVE-2007-3751 describes what the Apple advisory identifies as multiple vulnerabilities," which may allow untrusted Java applets to obtain elevated privileges." The fix? Apple has now ensured that untrusted Java applets can't access QuickTime.

This article was first published on InternetNews.com. To read the full article, click here.