Extra patches for QuickTime

By Dave Nixon

Apple released 11 patches for its QuickTime multimedia program on Wednesday, fixing an assortment of troubles that could let a hacker implement malevolent code on a machine.

It’s no less than the sixth time Apple has patched QuickTime since October last year, as researchers and hackers have been intimately investigating media players for vulnerabilities. As operating systems have become more protected, vulnerabilities in applications have become a preferential route to burglarize a PC.

The patches deal with security issues, improve reliability and develop the compatibility of QuickTime with third-party applications, Apple said.

Apple credited identification of more than half of the problems described to TippingPoint, a security vendor that runs Zero Day Initiative, a program that rewards researchers for finding vulnerabilities.

Many of the problems with QuickTime take place when the application opens a movie that has been particularly crafted to leverageflaws in the software. A number of of the vulnerabilities are buffer overflows, where a problem with an application’s use of memory can be exploited in order to run other code.

The up-to-date version of QuickTime is now 7.4.5. Apple’s Software Update function will download the new patches for computers running Windows and Apple’s Mac OS X.