Apple yesterday released updates to close a number of security holes in its QuickTime player, as well as a bug in iTunes. Both Mac and Windows versions received the update.
QuickTime 7.6.2 for Mac OS X 10.4.11 and 10.5.7, as well as Windows Vista and XP SP3, fixes a number of flaws that could be targeted if you open various types of malicious media files. The iTunes update to version 8.2, for Mac OS X 10.4.10 or later, Mac OS X Server 1.4.10 or later, and Windows Vista and XP, closes one hole that could allow visiting a malicious Web site to launch an attack.
To get the fixes, launch the Apple Software Update program. You may also receive a prompt about a new version upon starting either app. See Apple's notes for more info on the QuickTime update and new iTunes version.
It's worth noting that Apple's QuickTime fix doesn't affect the recently disclosed Microsoft flaw in DirectShow involving the way the quartz.dll component handles QuickTime files. The Microsoft hole doesn't involve any Apple software, and can be targeted when you open a poisoned file or visit a malicious Web site whether or not you have Apple's QuickTime installed, according to Microsoft. An easily applied quick fix can block the flaw until Microsoft releases a patch.