
QuickTime Security Bug

Just a heads up for everyone. A security vulnerability that affects Apple QuickTime software has been identified. It has been classified as “Highly Critical” because it affects anything and everything that uses QuickTime, and it is not picky about platform or OS either.

It affects Mac and Windows (including Vista via IE7), and all browsers, including IE7, Firefox, Safari and most likely anything using these engines, such as Flock. The vulnerability is exploited when a user visits a malicious website, and it allows a hacker to run code remotely. It has to do with how QuickTime handles Java, so it affects browsers with Java enabled. That’s most of us, right?

Technically speaking:

“The vulnerability is caused due to an input validation error in “toQTPointer()” within the QuickTime Java extensions (QTJava.dll) and can be exploited to write arbitrary values to memory locations outside of an allocated buffer.”

Secunia have issued an alert and recommend updating to the latest version of QuickTime, which is 7.1.6. If you have your QuickTime updates set to automatic, you will get the update. However, even though I do have updates set to automatic, my version had not updated at the time of writing, so go manual.

You can either open QuickTime and select “Update Existing Software” or visit Apple for the latest updated version. The following are links to the download page.

Windows Users Update QuickTime Here

Mac Users Update Here

This update was released by Apple on the 1st of May 2007. Get cracking: this could get ugly, and the fix is simple enough.
