Establishing Digital Trust: Don't Sacrifice Security for Convenience
Hidden behind the massive hype that was the iPhone 3G launch is the fact that Apple's critical QuickTime software, which enables multimedia playback and iTunes, remains software under siege.
The QuickTime 7.5 update fixes five issues that could potentially leave users at risk from attackers.
Though Apple (NASDAQ: AAPL) is patching QuickTime yet again, at least one of the security firms responsible for discovering some of the QuickTime flaws believes that Apple is moving some of the updates in a timely fashion.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iFour of the issues affect QuickTime running on both Mac and Windows, while one issue is unique to Windows.
The Windows-only QuickTime 7.5 patch deals with a flaw in how the media software handles PICT images, which is identified as CVE-2008-1581. The flaw could have let an attacker execute arbitrary code or trigger an application crash.
A separate issue regarding PICT handling affects both Windows and Mac versions of QuickTime, and Apple identifies it as CVE-2008-1583.
Another flaw relates to how QuickTime handles the AAC format, which is the default for iTunes content. This problem could lead to a crash or arbitrary code execution.
3Com's Tipping Point division is credited with reporting the final two flaws fixed in QuickTime 7.5. The patch for the issue CVE-2008-1584 fixes a flaw in how QuickTime handles Indeo video media content.