Apple pushes new QuickTime version for Windows

By

Flaw impacts Windows 7, Vista, and XP SP 2 and 3.

Apple has issued a new version of its QuickTime video player for Windows to address a "critical" vulnerability that could allow cybercriminals to execute arbitrary code on an affected system.

QuickTime 7.6.7 resolves a stack buffer overflow vulnerability in QuickTime's error logging process, according to Apple's advisory. Because of the flaw, viewing a maliciously crafted movie file could lead to unexpected application termination or arbitrary code execution.

The flaw impacts Windows 7, Vista, and XP SP 2 and 3, according to Apple. The issue does not affect Mac OS X systems. 

Researchers earlier this month discovered two movie files on file-sharing networks that were taking advantage of QuickTime Player to download malware from malicious websites.

But the attack, which used .MOV files that masqueraded as the new Angelina Jolie film Salt, did not take advantage of a flaw but instead relied on social engineering to trick users into downloading the malware, Apple has said.

See original article on scmagazineus.com

Apple pushes new QuickTime version for Windows
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Sportsbet recruits 'security champions' in shift-left strategy

Sportsbet recruits 'security champions' in shift-left strategy

Log In

  |  Forgot your password?