Apple pushed out version 7.7.4 of its multimedia framework QuickTime for Windows users on Wednesday, addressing a handful of issues, some which could have led to arbitrary code execution and caused the program to unexpectedly terminate. It’s Apple’s first QuickTime update of the year and the first for Windows users since last November.
A dozen vulnerabilities were fixed – 11 of the 12 were reported by security researchers in tandem with HP’s Zero Day Initiative.
A bulk of the vulnerabilities stemmed from how the framework handled playing maliciously crafted movie and MP3 files. In some cases, vulnerabilities existed in the framework that could be exploited if someone were to open malicious QTIF files, JPEG files, FPX files or MVHD atoms – the containers QuickTime uses for movie data.
Apple improved bounds checking – the method of detecting whether a variable is within some bounds before its use – to address memory corruption issues and buffer overflows on QuickTime.
According to Apple’s Mailing Lists, who have an in-depth rundown of all the patches, the vulnerabilities affect versions of QuickTime on Windows 7, Vista, XP SP 2 and later.
The update, which can be found in the Downloads section of Apple’s site is recommended for anyone still running QuickTime 7 on Windows machines.
