Apple fixes security issues with QuickTime 7.5

Apple released QuickTime 7.5 late on Monday, fixing a handful of security issues, including holes that would have allowed someone to run malicious code on a computer and remotely control it.

One of the issues, which would have allowed a maliciously crafted PICT image file to run code, affected computers running Windows Vista and XP SP2.

Four other issues affected Vista and XP SP2, as well as Mac OS X 10.3.9, Mac OS X 10.4.9 through 10.4.11, and Mac OS X 10.5 or later. QuickTime 7.5 fixes a memory corruption issue in the software's handling of AAC-encoded media content; a heap buffer overflow related to PICT images; a stack buffer overflow related to the handling of Indeo video codec content; and a URL issue that was addressed by revealing files in Finder or Windows Explorer rather than launching them.

More information can be found on the Apple website.

Credit for reporting the different security issues was given to Dyon Balding of Secunia Research; Dave Soldera of NGS Software and Jens Alfke; Liam O Murchu of Symantec; an anonymous researcher working with TippingPoint's Zero Day Initiative; and Vinoo Thomas and Rahul Mohandas of McAfee Avert Labs, along with Petko D. Petkov of Gnucitizen working with TippingPoint's Zero Day Initiative.

Two months ago, Apple released QuickTime 7.4.5, which addressed a number of "highly critical" security flaws in the media player.