Topic: Apple release critical QuickTime update for Windows (download)

[Samker]

Apple has released a QuickTime update for Windows users that reportedly patches a vulnerability that could have left users open to remote code execution attacks.

QuickTime, Apple software which allows users to "watch Internet video, HD movie trailers, and personal media clips," as well as various other functionality, comes packaged with Apple's popular iTunes software -- although users can choose to uninstall the software at a later date.

According to the update description, the patch fixes a flaw -- by disabling debug logging -- which existed in the media application's error logging system that could potentially have led to an "unexpected" termination of QuickTime or see "arbitrary code" executed if a rogue or malicious media file was played.

"A stack buffer overflow exists in QuickTime’s error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging," the update description explains.

The update became available over the weekend with the release of Quicktime 7.6.7, and is only available for systems running Microsoft Windows -- the problem doesn't affect those running QuickTime on Apple's own Macintosh operating system. You can download the latest version of QuickTime from Apple's website: http://www.apple.com/quicktime/download/ , or use the Apple Software Update tool installed on your computer to download the patch.

(NW)