January 15, 2008 11:15 AM PST
QuickTime 7.4 released: security holes plugged
Alongside iTunes 7.6, Apple today released QuickTime 7.4. According to Software Update (currently the only method of obtaining the new release), this version includes:
- Numerous bug fixes
- Support for iTunes
The new release also includes the following security enhancements:
- "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Joe Schottman of Virginia Tech for reporting this issue.
- Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue exists in QuickTime's handling of Macintosh Resource records in movie files. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files. Credit to Jun Mao of VeriSign iDefense Labs for reporting this issue.
- Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue exists in QuickTime's parsing of Image Descriptor (IDSC) atoms. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Image Descriptor atoms in movie files. Credit to Cody Pierce of TippingPoint DVLabs for reporting this issue.
- Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution. A buffer overflow may occur while processing a compressed PICT image. Opening a maliciously crafted compressed PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by terminating decoding when the result would extend beyond the end of the destination buffer. Credit to Chris Ries of Carnegie Mellon University Computing Services for reporting this issue."
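The PICT fix described above ("terminating decoding when the result would extend beyond the end of the destination buffer") is the standard hardening for any run-length decoder. The sketch below is an added example, not Apple's code: it assumes a PackBits-style run-length scheme (the advisory does not name the compression scheme), and the function name `packbits_decode` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode PackBits-style RLE (assumed scheme, see lead-in) into dst.
 * Returns the number of bytes written, or -1 if the input is truncated
 * or the next run would extend past dst + dst_len. On -1 decoding stops
 * before the offending run, so nothing is written beyond the buffer. */
long packbits_decode(const uint8_t *src, size_t src_len,
                     uint8_t *dst, size_t dst_len)
{
    size_t in = 0, out = 0;          /* invariant: out <= dst_len */

    while (in < src_len) {
        uint8_t hdr = src[in++];
        size_t run;

        if (hdr == 0x80)             /* no-op header byte */
            continue;

        if (hdr < 0x80) {            /* literal run: copy hdr + 1 bytes */
            run = (size_t)hdr + 1;
            if (run > src_len - in)  return -1;  /* truncated input */
            if (run > dst_len - out) return -1;  /* would overflow dst */
            memcpy(dst + out, src + in, run);
            in += run;
        } else {                     /* repeat run: next byte 257 - hdr times */
            run = (size_t)257 - hdr;
            if (in >= src_len)       return -1;  /* missing repeat byte */
            if (run > dst_len - out) return -1;  /* would overflow dst */
            memset(dst + out, src[in], run);
            in += 1;
        }
        out += run;
    }
    return (long)out;
}

int main(void)
{
    /* Constructed sample: 0x81 claims a 128-byte run, far more than the
     * 16-byte scanline buffer the (hypothetical) image header promised. */
    const uint8_t hostile[] = { 0x81, 0x41 };
    uint8_t line[16];

    printf("decode result: %ld\n",
           packbits_decode(hostile, sizeof hostile, line, sizeof line));
    return 0;
}
```

The length checks are written as `run > dst_len - out` rather than `out + run > dst_len` so that they cannot wrap around on large values.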
Feedback? Late-breakers@macfixit.com.
Anyone else with this issue?
Yep... me too. VLC plays them okay but not QuickTime 7.4... Funny, though, it's not every .mp4!
- by Ron L January 16, 2008 10:38 AM PST
If you take the following precautions I've found that QT and iT will work fine. And since they are such important apps I believe it is definitely worth the extra minutes this takes. (As with major upgrades it's worth taking the extra time.)
While running 10.5.1 I ran DFA and Repaired permissions first.
Then I did a Safe Boot (which performs several maintenance functions as well as disabling numerous non-essential third party apps, etc.) and installed iTunes 7.6. Then I installed QuickTime 7.4.
All is working fine. (I've done many tests.)
IMHO if you do the above you should not have problems. It often appears those that don't follow safe installations are the ones that have glitches. Sure it takes maybe another ten minutes to do this, but it can save a lot of headaches.
HTH