Updates - July 19, 2010

iTunes and QuickTime 9.2.1 released

I don't know if any security issues are addressed, but this latest version is available via the internal iTunes updater. Be sure to uncheck the Safari  and other options offered if not needed.

Changelog here: http://support.apple.com/kb/HT1222

Comment:

There once was a time when I swore I would never have let QuickTime on my system again. Only after I purchased an iPod did I realize that QT was integrated and necessary for the functioning of iTunes. If you don't use iTunes, you probably don't need or want QT.

Joe,

unless i'm missing something, the latest/current version of QuickTime Player is 7.6.6 ; that's the version I have, and the internal updater says it's up to date.   it's also the version available for download at http://www.apple.com/quicktime/download/

You are probably correct.

All I know is that my iTunes internal updater referred me to this latest update, referencing both to the same version ( 9.2.1 ). I suspect that QT has actually not been updated since 7.6.6, which is the version I also have.

Here's the Secunia Advisory for iTunes, copied/pasted from http://secunia.com/advisories/40660/ :

Description
A [highly critical] vulnerability has been reported in Apple iTunes, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of "itpc:" URIs and can be exploited to cause a buffer overflow when accessing a specially crafted "itpc:" URI.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 9.2.1.

Solution
Update to version 9.2.1.

Provided and/or discovered by
The vendor credits Clint Ruoho, Laconic Security.

Original Advisory
Apple:
http://support.apple.com/kb/HT4263