Apple patches critical QuickTime vulnerability for Windows

Apple has released a QuickTime update for Windows users that reportedly patches a vulnerability that could have left users open to remote code execution attacks.

QuickTime, Apple software which allows users to "watch Internet video, HD movie trailers, and personal media clips," as well as various other functionality, comes packaged with Apple's popular iTunes software -- although users can choose to uninstall the software at a later date.

According to the update description, the patch fixes a flaw -- by disabling debug logging -- which existed in the media application's error logging system that could potentially have led to an "unexpected" termination of QuickTime or see "arbitrary code" executed if a rogue or malicious media file was played.

"A stack buffer overflow exists in QuickTime’s error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging," the update description explains.

The update became available over the weekend with the release of Quicktime 7.6.7, and is only available for systems running Microsoft Windows -- the problem doesn't affect those running QuickTime on Apple's own Macintosh operating system. You can download the latest version of QuickTime from Apple's website, or use the Apple Software Update tool installed on your computer to download the patch.

Report a problem with article
Previous Story

WiMax 2 standard to get final stamp of approval soon

Next Story

Microsoft celebrates Internet Explorer's 15th birthday

24 Comments

Commenting is disabled on this article.

QuickTime is dead, they just don't know it. People are watching movie trailers on YouTube or maybe Yahoo! these days in Flash. What is QuickTime anyway? It's not a codec, it's a container like avi or mkv using h.264 for video and aac for audio. Who cares for that lame container anyway?

Have not loaded QT in a looooonnnng time. And not because its Apple. I used to go to sites and DL files that required QT, but not anymore. QT is dying...or should die.

It is funny that Apple gets on Adobe's case for having slow, bloated software with security issues. QT is horribly slow and not very efficient and now has security problems.

swanlee said,
It is funny that Apple gets on Adobe's case for having slow, bloated software with security issues. QT is horribly slow and not very efficient and now has security problems.

What do you think Windows Media Player for Mac was like? Eventually Microsoft stopped developing WMP for Mac altogether and is forcing some third-party plugin onto Mac users if they want to view Windows Media content. It goes both ways really.

About the whole security problems thing: Basically every piece of software that connects to the internet has the potential to be a breach in security. Internet Explorer, Flash, Firefox etc. aren't bulletproof either.

I don't understand why Apple keeps making Quicktime when they have iTunes which is a lot better. Apple should merge these 2 programs.

wolftail said,
I don't understand why Apple keeps making Quicktime when they have iTunes which is a lot better. Apple should merge these 2 programs.

Huh? Quicktime is the media backbone of iTunes. iTunes is simply the library, store and general frontend for Quicktime. Quicktime Player is the standalone player component. Think of it in terms of Windows Media Player: Quicktime is the same as the Windows Media Format Runtime files, Quicktime Player is more like the older versions of Windows Media Player or like Media Player Classic, iTunes is like newer versions of Windows Media Player or the Zune software.

roadwarrior said,

Huh? Quicktime is the media backbone of iTunes. iTunes is simply the library, store and general frontend for Quicktime. Quicktime Player is the standalone player component. Think of it in terms of Windows Media Player: Quicktime is the same as the Windows Media Format Runtime files, Quicktime Player is more like the older versions of Windows Media Player or like Media Player Classic, iTunes is like newer versions of Windows Media Player or the Zune software.

I still do think Apple should merge them into one product.

wolftail said,
I don't understand why Apple keeps making Quicktime when they have iTunes which is a lot better. Apple should merge these 2 programs.

The day Apple merges Quicktime with iTunes is the day when I stop using the last piece of Apple software on any of my computers.

I stopped using iPods threeyears ago when I found a different way to store my music in my car (SD cards), don't need those overpriced gimmicks from Apple anymore. I refuse to install the bloated garbage of iTunes, never had an iPhone because my Desire is doing much better than anything Apple can ever offer so the only thing remaining from Apple which I use is quicktime... but most probably at the next occasion I will switch over to Quicktime alternative.

hagjohn said,
How come it hasn't hit Apple software update on windows?

Good question, doesn't show up in ASU here either. At least it's on the Quicktime site.

MFH said,

+2

+3, its horribly sluggish (like the apple site).
.mov files need to be abandoned all together for something more "open".

barteh said,

.mov files need to be abandoned all together for something more "open".

You mean something like H264 files? Oh, wait, Apple did that already. Your comment could equally be applied to Microsoft with their WMV files as well.

James Riske said,
Quicktime just needs to be abandoned altogether.

What Apple need is to update the damn GUI of quicktime 7. Still look like a 10 year old program.

roadwarrior said,

You mean something like H264 files? Oh, wait, Apple did that already. Your comment could equally be applied to Microsoft with their WMV files as well.

Um yeah...., h264 isint open