Softpedia >Mac >Multimedia >Apple QuickTime >  Changelog

Apple QuickTime Changelog

What's new in Apple QuickTime 7.7.0

Aug 4, 2011
  • Improves security and is recommended for all Mac OS X Leopard users.

New in Apple QuickTime 7.6.9 (Dec 8, 2010)

  • CVE-ID: CVE-2010-3787
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to Nils of MWR InfoSecurity, and Will Dormann of the CERT/CC, for reporting this issue.
  • CVE-ID: CVE-2010-3788
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of JP2 images. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to Damian Put and Procyun, working with TippingPoint's Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2010-3789
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue is in QuickTime's handling of avi files. Viewing a maliciously crafted avi file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of avi files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2010-3790
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.
  • CVE-ID: CVE-2010-3791
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A buffer overflow exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2010-3792
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A signedness issue exists in QuickTime's handling of MPEG encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of MPEG encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2010-3793
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickTime's handling of Sorenson encoded movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of Sorenson encoded movie files. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative, and Carsten Eiram of Secunia Research for reporting this issue.
  • CVE-ID: CVE-2010-3794
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2010-3795
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution
  • Description: An uninitialized memory access issue exists in QuickTime's handling of GIF images. Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.5. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2010-3800
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickTime's handling of PICT files. Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved validation of PICT files. Credit to Moritz Jodeit of n.runs AG and Damian Put, working with TippingPoint's Zero Day Initiative, and Hossein Lotfi (s0lute), working with VeriSign iDefense Labs for reporting this issue.
  • CVE-ID: CVE-2010-3801
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickTime's handling of FlashPix images. Viewing a maliciously crafted FlashPix image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved memory management. Credit to Damian Put working with TippingPoint's Zero Day Initiative, and Rodrigo Rubira Branco from the Check Point Vulnerability Discovery Team for reporting this issue.
  • CVE-ID: CVE-2010-3802
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A memory corruption issue exists in QuickTime's handling of panorama atoms in QTVR (QuickTime Virtual Reality) movie files. Viewing a maliciously crafted QTVR movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of QTVR movie files. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.
  • CVE-ID: CVE-2010-1508
  • Available for: Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: A heap buffer overflow exists in QuickTime's handling of Track Header (tkhd) atoms. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. This issue does not affect Mac OS X systems. Credit to Moritz Jodeit of n.runs AG, working with TippingPoint's Zero Day Initiative, and Carsten Eiram of Secunia Research for reporting this issue.
  • CVE-ID: CVE-2010-0530
  • Available for: Windows 7, Vista, XP SP2 or later
  • Impact: A local user may have access to sensitive information
  • Description: A filesystem permission issue exists in QuickTime. This may allow a local user to access the contents of the "Apple Computer" directory in the user's profile, which may lead to the disclosure of sensitive information. This issue is addressed through improved filesystem permissions. This issue does not affect Mac OS X systems. Credit to Geoff Strickler of On-Line Transaction Consultants for reporting this issue.
  • CVE-ID: CVE-2010-4009
  • Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later
  • Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Description: An integer overflow exists in QuickTime's handling of movie files. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Honggang Ren of Fortinet's FortiGuard Labs for reporting this issue.

New in Apple QuickTime 7.6.6 (Mar 31, 2010)

  • General reliability improvements for iMovie

New in Apple QuickTime 7.6.4 (Sep 9, 2009)

  • Includes changes that increase reliability, improve compatibility and enhance security.
  • Support for iTunes 9.
  • This release is recommended for all QuickTime 7 users.

New in Apple QuickTime 7.6.2 (Jun 1, 2009)

  • Video - Improves compatibility with Apple ProRes media.
  • Application Support - Improves support for iTunes 8.2.

New in Apple QuickTime 7.6 (Jan 21, 2009)

  • Video:
  • Improves single-pass H.264 encoding quality.
  • Increases the playback reliability of Motion JPEG media.
  • Audio:
  • Improves AAC encoding fidelity.
  • Audio tracks from MPEG video files now export consistently.
  • Application Support:
  • Improves compatibility with iChat and Photo Booth.

New in Apple QuickTime 7.5.5 (Sep 9, 2008)

  • Includes changes that increase reliability, improve application compatibility and enhance security.
  • This release is recommended for all QuickTime 7 users.
  • For detailed information on the security content of this update, please visit this website: http://www.info.apple.com/kbnum/n61798.

New in Apple QuickTime 7.5 (Jun 10, 2008)

  • QuickTime 7.5 improves application compatibility and addresses security issues. This release is recommended for all QuickTime 7 users.

New in Apple QuickTime 7.4.5 (Apr 3, 2008)

  • QuickTime 7.4.5 includes fixes that enhance reliability, improve compatibility with third-party applications, and address security issues.