Apple today released its latest QuickTime version to plug four vulnerabilities that, if exploited, could allow malicious code to be installed on users' machines.
QuickTime 7.4 fixes three bugs related to a memory corruption problem in the way the popular media player handles certain files, according to an Apple advisory. The other flaw is a buffer overflow that may occur when processing compressed images.
Today's update does not appear to resolve another buffer overflow vulnerability reported Thursday by Italian researcher Luigi Auriemma, according to Maarten Van Horenbeeck, a SANS Internet Storm Center handler. That bug is caused by an error when processing RTSP (Real Time Streaming Protocol) response messages.
The vulnerability, ranked “highly critical” by Secunia, only affects QuickTime for Windows, Auriemma told SCMagazineUS.com this week.
Before today's release, Apple's most recent QuickTime update – version 7.3.1 – closed three holes, including another RTSP flaw that was being actively exploited.
QuickTime version 7.3 was released in November, with the lone update pushed out in December.