Apple Warns of Critical QuickTime for Windows Flaw

Apple has shipped QuickTime 7.6.7 to fix a critical vulnerability that exposes Windows users to malicious hacker attacks.

Apple has shipped QuickTime 7.6.7 to fix a critical vulnerability that exposes Windows users to malicious hacker attacks.

The update, available for Windows XP SP3 and later, Windows Vista and Windows 7, corrects a flaw that could be exploited to launch remote code execution attacks.

According to Apple’s advisory, the flaw could be exploited with a maliciously crafted movie file.

A stack buffer overflow exists in QuickTime’s error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging. This issue does not affect Mac OS X systems.

QuickTime 7.6.7 may be obtained from the Windows software update application, or from the QuickTime Downloads site.

Suggested articles

Discussion

  • Anonymous on

    And sadly, this still leaves vegas pro 8 users unable to work with .mov files.  So we get to choose either security (quicktimeplayer767.exe)  or production.(quicktimeplayer765.exe)

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.