Wednesday, March 07, 2007

Apple Update Patches QuickTime Bugs

Apple Inc. has released an update to deal with multiple vulnerabilities in QuickTime, its multimedia architecture. QuickTime is designed to enable a computer to work with real-time movies, audio, and high-quality compressed images.

The QuickTime 7.1.5 Update patches eight security bugs. According to several advisories on the U.S.-CERT Web site, the vulnerabilities include three buffer overflow bugs and three integer overflow bugs. The U.S.-CERT warns users to download the updates as soon as possible.

The CERT made information about the vulnerabilities available in the Vulnerability Notes Database.

Bojan Zdrnja, a handler at the SANS' Internet Storm Center, wrote in a diary entry that it has received messages saying Apple's auto updater in older versions of QuickTime does not find and download the new release. "In other words, if you click on the "Update now" button, it will tell you that you have the latest version running," says Zdrnja. "So, at this point in time, if you want to run the latest (patched) version, you'll have to go there and download the installation file and install it manually."

The update can be manually downloaded from Apple's Web site.

No comments: