Apple Patches Flaws in QuickTime

The update patched seven vulnerabilities for users running Mac OS X or Windows.

Six of the seven security vulnerabilities fixed holes that could have allowed exploits when users lured to Web sites viewed malicious images or movies. "By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution," Apple said on its Web site.

The seventh patched a vulnerability in QuickTime for Java that would have allowed untrusted Java applets to obtain elevated privileges.

"By enticing a user to visit a Web page containing a maliciously crafted Java applet, an attacker may cause the disclosure of sensitive information and arbitrary code execution with elevated privileges. This update addresses the issues by making QuickTime for Java no longer accessible to untrusted Java applets," Apple said.

Apple also released updates for iTunes 7.5 for both Mac and Windows.

Apple does not rate the severity of flaws for which it offers patches, but did credit the identification of the vulnerabilities to individuals from TippingPoint and the Zero Day Initiative, Adobe Systems Incorporated, www.trapkit.de and the VeriSign iDefense VCP. Updates are available on Apple's web site.