Apple pushes a QuickTime 7.6 security update

Addressing security issues for both the Mac and Windows platforms, Apple has released an update to QuickTime not unlike the one released last spring, only less prolific.

Seven QuickTime vulnerabilities are addressed in the latest update, all revolving around malware movie files that cause "unexpected application termination or arbitrary code execution."

Among these are heap buffer overflow issues in QuickTime's handling of THKD atoms in QTVR (QuickTime Virtual Reality) movie files, in the handling of RTSP (Real Time Streaming Protocol) URLs, and in handling JPEG atoms in QuickTime movie files. The other issues include a memory corruption issue in H.263 encoded movies, a signedness issue in Cinepak-encoded files, and a buffer overflow involved with the handling of MPEG-2 videos with MP3 audio.

The update is available at support.apple.com/downloads for Windows Vista and XP SP2 and SP3, or through "Software Update" in the OS X (v10.4.9 - v10.5) command menu.