Apple patches months-old QuickTime bugs
Apple patched a critical vulnerability in QuickTime on Wednesday that was reported to the company by a bug bounty program months ago. The update also patched a "DLL load hijacking" issue that went public in August.
The QuickTime 7.6.8 update is for Windows only, and fixes a pair of flaws in the media player. Of the two, the most notable is a patch for the QuickTime plug-in used by Microsoft's Internet Explorer.
On Aug. 30, Spanish researcher Ruben Santamarta published information about a bug that hackers could use to hijack Windows XP, Vista or Windows 7 machines running IE with the QuickTime ActiveX control in place. The vulnerability was Apple's fault, said Santamarta, because the company's developers had neglected to clean up old code, leaving an opening for attackers.