Hot on HuffPost Tech:

See More Stories
Engadget for the iPhone: download the app now
AOL Tech

Apple patches old QuickTime vulnerabilities with QuickTime 7.6.8 for Windows

A few weeks ago, we told you about an exploit in the Windows version of Apple's QuickTime, based on a line of code from 2001. QuickTime 7.6.8, released Wednesday, finally fixes that vulnerability. The bug allowed the takeover of Windows XP, Vista and Windows 7 machines with Internet Explorer installed.

The news isn't so much that Apple fixed the problem, but that they took longer to do so than it seems. We found out about it in late August, but it had been reported to Apple nearly two months prior. Bug trackers criticized the company for moving slowly, and Aaron Portnoy of bug hunting group Zero Day Initiative said he could have fixed the problem "within a day."

Meanwhile, Apple gets points for becoming one of the first companies -- along with Mozilla -- to patch a nasty DLL exploit, where hackers could replace any DLL file with their own malicious code under the same filename. The fix? Use the entire path instead of a filename. More than 200 programs reportedly still have this DLL issue.

[via Computerworld]

Tags: bug, exploit, patch, quicktime, quicktime 7.6.8, Quicktime7.6.8, security, vulnerability

Comments

1