Addressing a number of critical issues in its QuickTime media player application, Apple has rolled out the updated iteration of the application, codenamed as “QuickTime 7.6”, for both Windows and Mac operating systems.
The update plugs as many as seven security holes in QuickTime player and incorporates a couple of improvements for its audio and video quality.
Of the stability and performance fixes, the company has notably improved Motion JPEG and H.264 video encoding systems, along with bringing some significant enhancements in MPEG and AAC audio components.
However, the security part of the update addresses seven vulnerabilities in both Windows and Mac OS X iterations of the player, and if any of these flaws get exploited, it could enable hacker to seize control over victim’s computer through remote code execution.
A number of these bugs include heap buffer overflows, with one of them lies in QuickTime’s way of handling the Real Time Streaming Protocol (RTSP) URLs, while another one exists in the manner in which QuickTime processes AVI movie files.
In addition, other two heap buffer overflow bugs present in the media player’s handling of JPEG atoms in its movie files, and other one lies in the method by which QuickTime handles its Virtual Reality movie files.
The update is available for Windows Vista, Windows XP, SP1 and SP2, in addition to Mac OS X v10.4.9 to Mac OS X 10.4.11 as well as Mac OS X v10.5, and the company has recommended all QuickTime users to download the update.
Go To Page 2 for our comments and more related links
A relatively minor update focused mainly on security. It still beggars belief that Apple has kept Quicktime alive after so long. The multimedia framework is 17 years old already, only slightly younger than MPEG and before Microsoft's own Video for Windows - which became "Windows Media Video" later. It has however lost pace lately and according to Google Trends, been surpassed as a leading video codec, surpassed by MP4, DiVX and AVI.
(The Mac Observer)