Apple Issues Quicktime 7.7, Mitigates Multiple Security Vulnerabilities

By Author: eccuni
Total Articles: 211
Comment this article

Recently, Apple released QuickTime 7.7 to resolve several security issues. QuickTime is a multimedia framework, which allows users to add, edit, create and capture audio and video media, and is available for both Mac and Windows users. Out of the 14 vulnerabilities addressed in the latest update, 13 could cause unexpected termination of application or execution of arbitrary code and one could cause disclosure of video data. The vulnerabilities affect Mac OS X 10.5, Mac OS X 10.6, Windows 7, Vista, Windows XP Service Pack (SP) 2 and later. The security update resolves several stack or heap buffer overflow issues associated with handling of pict files, JPEG files, GIF images, H.264 encoded movie files, QTL files and STSC , STSS, STSZ, STTS atoms in QuickTime’s movie files. However, buffer overflow issues in GIF images, H.264 and QTL files do not affect Mac OS. The security update addresses multiple memory corruption issues in QuickTime’s handling of JPEG 2000 images and sample Tables in QuickTime movie files. The update also resolves integer overflow in handling of RIFF WAV files and audio channels. Viewing a malicious image ...
... or movie file may cause unexpected termination of application or allow execution of arbitrary code.

The latest version resolves a cross-origin issue in the handling of cross-site redirects, which may cause disclosure of video data from a different site on visiting a malicious website. The security issues addressed in the latest patch do not affect OS X Lion, the new operating system offered by Apple. Professionals associated with different organizations such as TippingPoint, Computer Emergency Response Team Coordination Center (CERT/CC) and Microsoft Vulnerability Research (MSVR) reported the vulnerabilities to Apple. The ever evolving malicious threats in the IT environment make it inevitable for IT professionals to improve their capabilities through iPad training and online university degree programs.

QuickTime users must immediately upgrade to the latest version by using the software update function in their system. Users intending to download QuickTime must do so by directly visiting the website of the developer. Adherence to security updates is crucial to protect applications and systems from malicious attacks. Attackers attempt to extract confidential data by installing malware. Users may keep themselves up-to-date on threats in the IT environment by following security blogs and enhance awareness through online degree programs.

Professionals qualified in computer science degree program may help developers in understanding the risks involved in the operating environment and evolve more secured technologies and products.