Apple on Thursday pushed out a new version of QuickTime for Windows that patched nine vulnerabilities, including a handful reported Aug. 13 by Cisco Talos and Fortinet researchers.
All five flaws, if exploited, could lead to a crash of the media player or code execution in some cases, Apple said in its advisory. Two other vulnerabilities reported by Cisco and Fortinet also expose QuickTime to remote code execution attacks; CVE-2015-5785 and -5786 are memory corruption errors in QuickTime versions prior to 7.7.8 running on Windows machines, Fortinet’s FortiGuard Labs and Cisco’s Ryan Pentney and Richard Johnson said.
“A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user’s system,” according to a SecurityTracker advisory.
The QuickTime update comes a week after a giant patch update for Mac OS X, OS X Server and iOS that addressed dozens of vulnerabilities, including a critical privilege escalation issue in the DYLD dynamic linker that was disclosed a month earlier. All of yesterday’s patches were released on OS X last week.
Apple said it improved memory handling to address the denial-of-service and code execution vulnerabilities in yesterday’s update. The five DoS vulnerabilities reported by Cisco affect QuickTime versions 7.7.5 and 7.7.6 running on Windows 7 32-bit machines.
According to Cisco:
Apple still has not patched kernel-level vulnerabilities in Mac OS X that were disclosed last weekend by a researcher in Italy. Two vulnerabilities leading to privilege escalation and security feature bypasses, along with proof of concept code, were reported to Apple hours before they were publicly disclosed by Luca Todesco.
The vulnerabilities lie in the Yosemite and Mavericks versions of OS X, but have been patched in beta versions of OS X 10.11, also known as El Capitan, Todesco said.
securitytracker.com/id/1033346
talosintel.com/reports/2015/08/13/TALOS-2015-0012.html
talosintel.com/reports/2015/08/13/TALOS-2015-0013.html
talosintel.com/reports/2015/08/13/TALOS-2015-0014.html
talosintel.com/reports/2015/08/13/TALOS-2015-0015.html
talosintel.com/reports/2015/08/13/TALOS-2015-0017.html
support.apple.com/en-us/HT205046
threatpost.com/apple-patches-critical-os-x-dyld-flaw-in-monster-update/114289
threatpost.com/apple-zero-day-remains-unpatched/114333
threatpost.com/inside-the-unpatched-os-x-vulnerabilities/114344