Apple has updated its QuickTime media player to correct five flaws that attackers could use to run unauthorised code on machines running Mac OS X or Windows.
The fixes, in QuickTime 7.0.4, will prevent attackers exploiting the bugs by tricking a user into viewing a maliciously crafted image or media file with the QuickTime Player. The images could come in a variety of formats, including TIFF, GIF, TGA or QTIF.
Apple’s problems with QuickTime have kept the focus on image-related security vulnerabilities following recent concern over a WMF (Windows Metafile) bug that hackers were exploiting. The WMF bug eventually gathered so much attention that Microsoft took the unusual step of patching it several days ahead of its regularly scheduled security software update.
Meanwhile, as part of its own monthly security updates, Microsoft released patches for two vulnerabilities. The first, and more serious, flaw was a remote code execution vulnerability affecting Microsoft Outlook and Exchange Server products. The other was a privately reported vulnerability in the way Windows handles malformed embedded Web fonts.
It may be a new year, but it looks as if 2006 will see little change in this constant catalogue of flaws, updates and patches.