Your jingle to take into the weekend: QuickTime security fixes to apply

Apple closes out week with patches for Windows

QuickTime X Player

Apple has posted an update to its QuickTime media plugin, addressing multiple remote code execution flaws for Windows 7 and Windows Vista users,

The Cupertino giant said that the QuickTime 7.7.9 patch will address a total of nine CVE-listed memory corruption vulnerabilities in QuickTime. Each could be targeted by loading a malformed movie file, leading to remote code execution or an application crash.

Two of the vulnerabilities (CVE-2015-7086 and CVE-2015-7085) were credited to an anonymous security researcher. Another five (CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, and CVE-2015-7117) were reported to Apple by Ryan Pentney and Richard Johnson of Cisco Talos.

Pedro Ribeiro of Agile Information Security found the CVE-2015-7091 bug, while Jaanus Kp of Clarified Security reported CVE-2015-7092 through the HP Zero Day Initiative.

Apple did not report whether any of the flaws are currently being targeted in the wild.

Users can get QuickTime 7.7.9 through the Apple Software Update tool for Windows or by downloading direct from Apple.

The update is the first from Apple this year, and the first for Apple software on Windows systems since the December 11 release of iTunes 12.3.2. ®


Biting the hand that feeds IT © 1998–2017