Apple patches old QuickTime vulnerabilities with QuickTime 7.6.8 for Windows
The news isn't so much that Apple fixed the problem, but that they took longer to do so than it seems. We found out about it in late August, but it had been reported to Apple nearly two months prior. Bug trackers criticized the company for moving slowly, and Aaron Portnoy of bug hunting group Zero Day Initiative said he could have fixed the problem "within a day."
Meanwhile, Apple gets points for becoming one of the first companies -- along with Mozilla -- to patch a nasty DLL exploit, where hackers could replace any DLL file with their own malicious code under the same filename. The fix? Use the entire path instead of a filename. More than 200 programs reportedly still have this DLL issue.