Apple Patches Up QuickTime
Apple has released a new patch for its QuickTime player, fixing security flaws for both the Mac and Windows versions.
April 3, 2008
In the mean time, QuickTime for Mac OS X got off with only 8 such fixes.
Five of the flaws can be exploited by hackers with the help of specially-crafted movie files, while three of the flaws can be exploited with the help of Pict files. All these flaws allow remote code execution.
Also in the “remote code execution” is a flaw in handling of QuickTime VR files. Last but not least, the player features a vulnerability that would allow Java applets to obtain elevated privileges.
The patch can be obtained via Apple's Software Update utility or downloaded directly from here.