Apple Update Fixes Critical QuickTime Flaw

Dennis Faas

Apple has patched two critical code execution holes in its QuickTime multimedia player for Windows. At least one of these vulnerabilities has already been exploited by hackers, meaning the fix comes not a moment too soon.

An Estimated Several Hundred Applications at Risk

We first reported the QuickTime flaw over two weeks ago, when it was discovered that the exploit made at least forty (and perhaps several hundred) Windows applications vulnerable to attack.

One flaw, called CVE-2010-1818, is associated with QuickTime's ActiveX control. It can be exploited if a hacker can trick a victim into visiting a specially crafted, malicious website. (Source: softpedia.com)

Windows Users pUnk-d by Hackers

The flaw is related to an unused parameter in QuickTime called '_Marshaled_pUnk'. Because it was made known to the public by Spanish researcher Ruben Santamarta in late August, hackers were able to exploit the vulnerability before a patch was constructed and made available.

Windows users running QuickTime are also vulnerable to a bug that uses remote binary planting, or DLL hijacking tactics, to launch an attack. "If an attacker places a maliciously crafted DLL in the same directory as an image file, opening the image file with QuickTime Picture Viewer may lead to arbitrary code execution," Apple noted in its recent advisory.

Because the vulnerability is related to the way Windows executes a library file search, the second bug has been fixed by altering this process.
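An added example, not from Apple's advisory or the original article: a Python triage scan that flags directories where a real PE-format DLL sits beside image files, the layout the advisory describes. The extension list, the function names and the sample tree are assumptions constructed for illustration; a hit is a prompt to review the DLL, not proof of planting.

```python
import os
import struct
import tempfile
from pathlib import Path

# Assumption: extension list chosen for illustration; the advisory only says "image file".
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".tif", ".tiff"}

def is_pe(path):
    """True if the file starts with an MZ header that points at a PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(pe_offset)
        return fh.read(4) == b"PE\x00\x00"

def find_colocated_dlls(root):
    """Map each directory under root holding both images and real PE .dll files
    to the sorted names of those DLLs."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        exts = {os.path.splitext(f)[1].lower() for f in files}
        if not exts & IMAGE_EXTS:
            continue
        dlls = sorted(f for f in files if f.lower().endswith(".dll")
                      and is_pe(os.path.join(dirpath, f)))
        if dlls:
            findings[Path(dirpath).relative_to(root).as_posix()] = dlls
    return findings

def demo():
    """Run the scan over a constructed tree; every file name here is made up."""
    pe_stub = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64) + b"PE\x00\x00"
    layout = {
        "photos/holiday.jpg": b"",           # images only: clean
        "shared/invoice.tif": b"",
        "shared/helper.DLL": pe_stub,        # PE library beside an image: flagged
        "shared/notes.dll": b"plain text",   # .dll name but not a PE file: ignored
        "tools/plugin.dll": pe_stub,         # library with no image beside it: ignored
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in layout.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return find_colocated_dlls(tmp)

if __name__ == "__main__":
    print(demo())
```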

It's not the first time Apple has had to fix a flaw related to binary planting. Not long ago a similar vulnerability was found in the company's browser, Safari.

Download QuickTime 7.6.8 to Fix Issue

Downloading the new QuickTime, version 7.6.8, will make Windows users safe from attack. The download is available here.

The fix is good news, but Apple is sure to receive plenty of heat for taking so long to provide QuickTime and Windows users with protection. Although the flaws were made public only a few weeks ago, reports say Apple knew about them months ago. Some security experts scoffed at the prolonged wait, noting that a fix could have been made available "within a day." (Source: downloadsquad.com)
