Along with updates to iTunes, GarageBand, and MobileMe Control Panel (exclusive to Windows users), Apple released an update to its QuickTime media player. By bringing the software to version 7.6.2, the Mac maker has increased the reliability, improved compatibility, and improved security of QuickTime on Mac and Windows.
In the Support section of its website, Apple describes the latest QuickTime update as follows:
About QuickTime 7.6.2 for Mac
QuickTime 7.6.2 includes changes that increase reliability, improve compatibility, and enhance security.
This version is recommended for all QuickTime 7 users.
On a more detailed note, Apple reveals that QuickTime 7.6.2 improves compatibility with Apple ProRes media, while adding support for iTunes 8.2, the recently released update to iTunes, which for its go, adds support for iPhone OS 3.0.
As with iTunes 8.2, QuickTime 7.6.2 also has a security side. QuickTime, however, had a lot more holes to plug – 10, to be precise. In particular, one of the fixed issues (available for Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista, and XP SP3) was discovered by Charlie Miller of Independent Security Evaluators and Damian Put working with Zero Day TippingPoint initiative. Miller, as readers should know, is the winner of the CanSecWest Pwn2Own hacking competition, which took first place for compromising an Apple MacBook via a Safari flaw.
The security researcher’s latest finding was that “Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution” in earlier versions of QuickTime. The fault is described as follows:
A buffer overflow exists in the handling of JP2 images by QuickTime. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or the execution of arbitrary code.
Thanks to Charlie Miller and Damian Put for reporting this issue, Apple claims to have addressed this vulnerability with better limit checking.
Apple also issues a note to QuickTime 6 Pro users revealing that “Installing QuickTime 7 or later will disable QuickTime Pro functionality in earlier versions of QuickTime, such as QuickTime 6. If you are a QuickTime user 6 Pro and you do this installation, you will need to purchase a QuickTime 7 Pro registration code to regain QuickTime Pro functionality, ”says Apple. Therefore, users must visit the Apple Online Store to purchase a QuickTime 7 Pro registration code after installation.
Download QuickTime 7.6.2 for Mac (Free)
Download QuickTime 7.6.2 for Windows (Free)