Just as Microsoft is releasing its monthly security patches, Apple Computer has fixed a number of nasty bugs in its QuickTime media player. The fixes, which can be found in QuickTime 7.0.4, fix a total of five flaws in the player that could be used by attackers to run unauthorized code on a Max OS X or Windows computer running QuickTime.
Attackers theoretically could exploit the bugs by tricking a user into viewing a maliciously crafted image or media file with the QuickTime Player, Apple said in a statement (http://docs.info.apple.com/article.html?artnum=303101) released Monday. This images could come in a variety of formats, including TIFF, GIF, TGA, or QTIF, Apple said.
Kyle Haugsness of the SANS Internet Storm Center seemed impressed by the scope of this update. "To summarize the advisory: A maliciously-crafted GIF/TIFF/TGA/QTIF image or multimedia file may result in arbitrary code execution," he wrote in a Tuesday Web posting. "Well that pretty much covers the whole Web browsing thing."
Image-related security vulnerabilities have grabbed a lot of attention lately, thanks in large part to a WMF (Windows Metafile) bug that hackers were exploiting last week. The WMF bug eventually gathered so much attention that on Thursday Microsoft took the unusual step of patching it several days ahead of its regularly scheduled security software update. That regular update occurred on Tuesday.