Apple has released an updated version of its popular QuickTime media playback software that fixes eight security vulnerabilities.
QuickTime 7.1.5, which also contains a number of bug fixes, guards against exploits that might be as straightforward as tricking users into opening maliciously constructed media files. The flaws affect both Windows and Mac OS X versions of QuickTime. Successful exploitation would allow hackers to take control of vulnerable systems.
Normally, Apple does a good job at automatically updating its QuickTime software - providing users have selected its auto-update function - but the SANS Institute reports that the updater tool that shipped with older versions of QuickTime doesn't apply to this particular patch, which security watchers rate as critical. Users are advised to install the update manually.
The vulnerabilities were variously discovered by security staff at McAfee's Avert Labs, iDefense and independent researchers. More detail on the flaws can be found in Apple's security advisory here. ®