It may not get the attention shown to
a new version of iTunes or even an
iPhone OS update, but QuickTime also saw a new version rolled out on Wednesday. QuickTime 7.6.4 adds support for the newly released iTunes 9 as well as improved audio device support for Windows Vista users.
Apple’s release notes, the 7.6.4 update also tackles some security issues. The update patches flaws where viewing a maliciously crafted H.264 movie could lead to an unexpected application crash or arbitrary code execution. The flaws were caused by memory corruption issues, a buffer overflow, and a heap buffer overflow in the way QuickTime handles h.264 movies, according to Apple, which credits Tom Ferris of the Adobe Secure Software Engineering Team, Alex Selivanov, and an anonymous researcher working with TippingPoint and the Zero Day Initiative for reporting the H.264 issues.
Similarly, the 7.6.4 update fixes a heap buffer overflow that existed in QuickTime’s handling of FlashPix files; Apple credits Damian Put working with TippingPoint and the Zero Day Initiative for reporting the flaw.
QuickTime 7.6.4 is aimed at Mac users running OS X 10.4 and 10.5 as well as Windows Vista users. The 59.4MB update is available through Software Update or
Apple’s QuickTime page.