These fixes have already been included in the Mac OS X 10.6.5 update, so Snow Leopard users do not need to apply the update, which is available via software update and Apple’s QuickTime downloads page.
Thirteen of the fixes affect QuickTime 7.6.9 for both Windows and Leopard; two affect QuickTime 7.6.9 for Windows only. The two Windows-only vulnerabilities to Windows 7, Vista, XP SP2, or later involve viewing a maliciously crafted movie file and a local user accessing sensitive information.
According to Apple, 14 of the vulnerabilities “may lead to an unexpected application termination or arbitrary code execution”, and the remaining vulnerability may lead to “disclosure of sensitive information”. Apple does not rank threat levels for its products’ vulnerabilities.
Charlie Miller, an information security expert, said in a Twitter post: “I can’t believe how many QuickTime bugs keep being found. It’s teaspoons from the ocean.”
Apple has issued QuickTime security updates four times this year and patched 34 bugs, according to Computerworld.