[Steve]

Apple has just released an update its 'QuickTime' media player; this fixes seven flaws that could allow a malicious attacker to execute malicious programs remotely on computers running Mac OS X or Windows. To do this, the attacker would first need to trick the victim into viewing a maliciously crafted movie or image file. Quicktime is widely installed as a useful streaming media and File viewer.

The vulnerabilities include memory handling errors in the way that QuickTime processes PICT images, privilege escalation issues in QuickTime for Java, and the handling of "atoms," the special data structures that make up a QuickTime file. Six of the seven flaws could lead to remote code execution, according to Apple's advisory message (linked below). This latest update is Apple's fifth QuickTime security fix for the year. The previous update, QuickTime 7.2, released in July, featured eight bug-fixes.


The vulnerabilities affect Mac OS X 7.3.9 "Panther", 7.4.9 "Tiger", and 7.5 "Leopard," as well as Microsoft Windows XP Service Pack 2 and Windows Vista. The update, which can be downloaded through Apple's Software Update feature which may already be available on your [Start][Programs] menu, or via your Mac OSX system update utility. You can also download and install the QuickTIme update from Apple's Web site, which upgrades QuickTime to version 7.3.

You are strongly recommended to apply this update without delay. The Apple
QuickTime website is also linked HERE