Skip to Main Content

Apple Issues QuickTime Patch for Windows, OSX Users Safe

Apple issued a QuickTime update for Windows users on Tuesday night, patching 17 vulnerabilities that were not known to be in the wild yet.

May 16, 2012

Apple issued a QuickTime update for Windows users on Tuesday night, patching 17 vulnerabilities that were not known to be in the wild yet.

More than half (57 percent) of Windows PCs and nearly all of Apple computers use QuickTime, since QuickTime is built into OSX. The QuickTime plugin is also widely used in Chrome, Safari, Internet Explorer, and Firefox.

Windows users should download QuickTime 7.7.2 here; for OSX 10.7 Lion and OSX 10.6 Snow Leopard users, the vulnerabilities were patched in last week’s OS update; OSX 10.5 Leopard users were protected by an update on Monday.

The vulnerability would have allowed attackers to take control your system if you played a corrupt .PCT media file, which would have caused a buffer overflow or other memory corruption. The files may have been embedded in compromised websites. Most of the vulnerabilities were reported by white hat wearers during HP’s Zero Day Initiative at Pwn2Own back in January. Another was reported in February by Qualys. 

Rodrigo Branco, director of vulnerability and malware research at Qualys, told Security Watch that because the vulnerabilities were just released, it's unikely they're being exploited in the wild.

“Throughout the whole process, Apple was very professional in handling this issue and provided constant status updates upon my request,” Branco wrote in a separate blog post. “It was great to see a company of Apple's size taking a proactive role to ensure that their software and their users are protected from major vulnerabilities like this one.” 

Last week Apple also, commendably, relinquished control to Adobe to patch Flash. The move came just days after Oracle said it would control the release of Java patches. For more on what this means, see Apple's OS X, Safari Updates Improve OS X Security