Apple has released version 7.7.3 of QuickTime for Windows, closing several security holes in its media player application. According to the company, the latest update addresses a total of nine vulnerabilities, all of which could be exploited by an attacker to crash the application or execute arbitrary code on a victim's system.

These include a memory corruption issue and a buffer overflow when handling PICT files, multiple use-after-free and boundary errors, and problems when processing TeXML files that can be taken advantage of to cause a buffer overflow. For an attack to be successful, a user must first open a malicious web site or a specially crafted file. Updating to version 7.7.3 of QuickTime addresses these issues; all users are advised to upgrade.

QuickTime 7.7.3 for Windows supports Windows XP SP2 or later, Vista and Windows 7, and is available to download from Apple's Support Downloads site. Users who have the Software Update for Windows utility installed can upgrade to the new version by selecting "Apple Software Update" from the Start menu.

See also:

About the security content of QuickTime 7.7.3, security advisory from Apple.

(crve)