The update to version 7.1.5 resolves flaws that can be exploited through the execution of arbitrary code should users click on a maliciously crafted media file.
The bugs involve the digital video software’s handling of 3GP video files, MIDI files, QuickTime movie files, UDTA atoms, PICT files and QTIF files.
If an attacker dupes a user into opening the malicious file, he can trigger either an integer or buffer overflow, which can cause an application crash or result in remote code execution.
Vulnerability tracking firm Secunia rated the flaws "highly critical."
"If you use QuickTime, I would definitely recommend that you install the update as soon as possible as some of those security vulnerabilities look nasty," SANS Internet Storm Center handler Bojan Zdrnja told readers late Monday.
An Apple spokesperson could not be reached for comment.
Apple QuickTime update patches critical flaws
By Dan Kaplan on Mar 7, 2007 12:00AM