ID: IRCNE2012051502
Date: 2012-05-16
According to "cnet", Apple issued a QuickTime update today that addresses a number of security vulnerabilities in the media player and its Web plug-in. This update is only for Windows-based machines that have QuickTime installed, since Mac systems have had this update applied in recent security updates for OS X.
Apple's QuickTime media player and plug-in are used by about half of all Windows PCs and all of Apple's systems since OS X includes QuickTime as a core component of the OS. Because of its popularity, attackers may use vulnerabilities in it as a vector for compromising the system on which it is installed.
The vulnerabilities in the QuickTime software that called for this update were ones in which a maliciously crafted QuickTime file could take control of a machine, in ways similar to exploits for other software packages like Java, Flash, Word, and Adobe Reader. The malicious file would cause a buffer overflow or other memory corruption that would return a corrupted memory pointer, which could then execute code stored at that memory address.
If you have QuickTime installed on your system, be sure to update it to the latest version using Apple's Software Update utility or by downloading the latest QuickTime installer from Apple's QuickTime Web site. Even if you do not use the QuickTime media player, by having QuickTime installed on your system other programs such as Web browsers may use the plug-in to play media content.
As always, be sure to back up your system when applying this or any other update.
- 2