Original URL: http://www.reghardware.co.uk/2007/03/06/apple_quicktime_update/
Apple has released an updated version of its popular QuickTime media playback software that fixes eight security vulnerabilities.
QuickTime 7.1.5, which also contains a number of bug fixes, guards against exploits that might be as straightforward as tricking users into opening maliciously constructed media files. The flaws affect both Windows and Mac OS X versions of QuickTime. Successful exploitation would allow hackers to take control of vulnerable systems.
Normally, Apple does a good job at automatically updating its QuickTime software - providing users have selected its auto-update function - but the SANS Institute reports (http://isc.sans.org/diary.html?storyid=2363) that the updater tool that shipped with older versions of QuickTime doesn't apply to this particular patch, which security watchers rate as critical. Users are advised to install the update manually.
The vulnerabilities (http://secunia.com/advisories/24359/) were variously discovered by security staff at McAfee's Avert Labs, iDefense and independent researchers. More detail on the flaws can be found in Apple's security advisory here (http://docs.info.apple.com/article.html?artnum=305149). ®
QuickTime update fixes code-execution holes (6 November 2007)
http://www.theregister.co.uk/2007/11/06/new_quicktime_update/
Apple patches Windows QuickTime bug (4 October 2007)
http://www.theregister.co.uk/2007/10/04/windows_quicktime_update/
Apple TV gets its first critical security patch (20 June 2007)
http://www.reghardware.co.uk/2007/06/20/critical_appletv_patch/
Apple patches more than a dozen holes in OS X (25 May 2007)
http://www.reghardware.co.uk/2007/05/25/osx_security_update/
Safari zero-day exploit nets $10,000 prize (20 April 2007)
http://www.reghardware.co.uk/2007/04/20/pwn-2-own_winner/
Apple megapatch fixes multiple flaws (14 March 2007)
http://www.theregister.co.uk/2007/03/14/apple_megapatch/
Apple updates iTunes for AppleTV but not Vista (6 March 2007)
http://www.reghardware.co.uk/2007/03/06/apple_updates_itunes/
Maynor reveals missing Apple flaw (2 March 2007)
http://www.reghardware.co.uk/2007/03/02/maynor_apple_flaw/
Apple patches QuickTime bug (24 January 2007)
http://www.reghardware.co.uk/2007/01/24/apple_patches_quicktime_bug/
Month of Apple Bugs scheme yields first fixes (5 January 2007)
http://www.reghardware.co.uk/2007/01/05/apple_fixes_project/
Unpatched bug bites QuickTime (3 January 2007)
http://www.theregister.co.uk/2007/01/03/quicktime_vuln/
Hackers debut Mac OS X adware (24 November 2006)
http://www.reghardware.co.uk/2006/11/24/mac_os_x_adware/
Apple bitten by iTunes security bugs (11 January 2006)
http://www.reghardware.co.uk/2006/01/11/itunes_vulns/
Firefox and Mac security sanctuaries 'under attack' (19 September 2005)
http://www.theregister.co.uk/2005/09/19/symantec_threat_report/
Symantec false alert floors Macs (10 May 2005)
http://www.theregister.co.uk/2005/05/10/symantec_mac_false_alarm/