Apple has released a QuickTime update for Windows users that reportedly patches a vulnerability that could have left users open to remote code execution attacks.
QuickTime, Apple software which allows users to “watch Internet video, HD movie trailers, and personal media clips,” as well as various other functionality, comes packaged with Apple’s popular iTunes software — although users can choose to uninstall the software at a later date.
According to the update description, the patch fixes a flaw — by disabling debug logging — which existed in the media application’s error logging system that could potentially have led to an “unexpected” termination of QuickTime or see “arbitrary code” executed if a rogue or malicious media file was played.
“A stack buffer overflow exists in QuickTime’s error logging. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed by disabling debug logging,” the update description explains.
The update became available over the weekend with the release of Quicktime 7.6.7, and is only available for systems running Microsoft Windows — the problem doesn’t affect those running QuickTime on Apple’s own Macintosh operating system. You can download the latest version of QuickTime from Apple’s website, or use the Apple Software Update tool installed on your computer to download the patch.
Anti-virus research and data security organization AV-Test recently spent three months testing 19 security products in the areas of protection, repair and usability. On Monday, August 16th they released the test results, and we’re excited that Microsoft Security Essentials has received another certification, this time from AV-Test.org.
According to the AV-Test Product Review and Certification Report, the “Protection” category covers static and dynamic malware detection, including testing for real-world 0-Day attacks. “Repair” evaluates the system disinfection and rootkit removal in detail, which is critical for ensuring AV solutions effectively clean malware off of consumers’ computers. The “Usability” testing criteria includes the amount of system slow-down caused by the tools and the number of false positives. You can read the full set of test reports here.
As we mentioned last week, the most important validation of AV quality comes from independent certification organizations like VB100, AV-Test and others. With the current version of Microsoft Security Essentials and the new version now available in beta, our commitment remains constant: to provide security you can trust that is easy to use and provides protection that runs quietly and efficiently in the background, ensuring a great Windows user experience.
You can get the current version of Microsoft Security Essentials at no cost by visiting the Microsoft Security Essentials website here.