Apple continued its recent parade of patches by releasing an update for Quicktime yesterday, fixing 17 different security vulnerabilities, several which could lead to remote code execution.
The update, Quicktime 7.7.2, addresses critical issues in Quicktime for Windows 7, Vista and Windows XP SP2 or later.
Fourteen of the 17 vulnerabilities were discovered by researchers working with HP’s Zero Day Initiative, including six that were credited to Italian researcher Luigi Auriemma. Most of the vulnerabilities lie in the way that Quicktime handles certain files that could be exploited if a user visited a malicious website serving Quicktime content, or viewed a malicious Quicktime media file.
The Quicktime patch is the third update pushed out by Apple in the last week. Yesterday the company issued a patch to protect Leopard users from the Flashback Trojan, while last week, they released updates for OS X Lion and Safari to block out-of-date versions of Flash.