QuickTime 7.3.1, GarageBand 4.1.1 released

Specific security issues addressed in Apple's latest QuickTime update follow:

Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data. This issue affects Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, and Windows Vista/XP SP2.

Viewing a maliciously crafted QTL file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of QTL files. By enticing a user to view a maliciously crafted QTL file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue affects Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, and Windows Vista/XP SP2

Multiple vulnerabilities in QuickTime's Flash media handler Description: Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs for reporting this issue. This issue affects Mac OS X 10.3.9, Mac OS X 10.4.9 or later, Mac OS X 10.5 or later, and Windows Vista/XP SP2

Filed under: security, software
Other story tags: QuickTime, system updates, GarageBand