Apple Aims to Patch Persistent QuickTime Hole

Apple's latest QuickTime update aims to fix a flaw that's persisted in the software for more than a year -- despite efforts by the computer maker to address it throughout that time.

The company now hopes to put that flaw to bed with its new QuickTime 7.2 update. The release repairs a command-injection issue in the QuickTime application's handling of URLs, affecting Windows Vista and Windows XP SP2 users. According to Apple, Mac OS X users were not at risk from the flaw.

"By enticing a user to open a specially crafted QTL file, an attacker may cause an application to be launched with controlled command-line arguments, which may lead to arbitrary code execution," Apple said in an advisory about the flaw.

The same issue apparently could have been triggered in Mozilla Firefox, when the browser calls a QuickTime file. Mozilla fixed the issue last month with the Firefox release.

Apple's update attempts to repair a problem that's been on the company's fix-it list for more than a year. The company first attempted to fix the issue in March with its QuickTime 7.1.5 update. That release sought to plug holes that made headlines in January, in connection with a month-long effort by two security researchers to detail Apple-related vulnerabilities, dubbed the Month of Apple Bugs project.

This article was first published on InternetNews.com.