Apple releases QuickTime patch to close exploit
by Tateru Nino 
Dec 14th 2007 at 9:45AM
Filed under: Exploits, Patches, News items, Second Life
Two weeks ago, Second Life users were warned of a flaw in QuickTime that allowed carefully crafted QuickTime datastreams and file headers to access their accounts through the viewer, and could potentially be used to steal items and Linden Dollars. The flaw was in QuickTime itself and was usable to compromise a wide variety of software unless you disabled or uninstalled QuickTime to prevent it running.
A few hours ago, Apple finally dropped a new version of QuickTime (version 7.3.1) which fixes these exploit issues. Whether you use Second Life or not, if you have QuickTime installed on your machine you should get the update without delay.
Reader Comments (Page 1 of 1)
skribe said on 5:52PM 12-14-2007
Unfortunately an update existing software in XP Pro from within qt doesn't recognise that a new version is available. Maybe the auto check will work but if not then QT will need to be downloaded manually.
Reply
Tateru Nino said on 9:03PM 12-14-2007
Mine recognized it, but ironically crashed citing a 'buffer overrun' when the automatic update tried to run.
skribe said on 9:30PM 12-14-2007
Try going into QT preferences->Advanced tab and choose Safe mode under video. That fixed the buffer overrun problem for me.
Reply