Memory corruption, buffer overflows, “use after free” issues patched
A total of 9 vulnerabilities existed in old implementations of QuickTime 7 on Windows, all of which were patched in a swift update released yesterday by the computer company at 1 Infinite Loop, Cupertino, California.Affecting Windows 7, Windows Vista, and Windows XP SP2 or later installations, a buffer overflow existed in the handling of REGION records in PICT files in QuickTime.
Apple states that “Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution,” and that this issue has been fixed through “improved bounds checking.”
This and eight more similar vulnerabilities have been discovered in QuickTime 7 builds on Windows. The latest version, QuickTime 7.3.3, addresses every one of them with Apple crediting their discoverers in a typical security advisory on its Support site.
Download QuickTime 7.7.3 for Windows (Free)