Secunia issued a warning about four security flaws in QuickTime versions 6.5.2 and 7.0.1 on Friday. The flaws, which could potentially lead to a Denial of Service attack, were patched by Apple with the QuickTime 7.0.3 updater on October 12.
The four vulnerabilities addressed with the QuickTime 7.0.3 update include two integer overflow errors in .mov files, a NULL pointer error in maliciously crafted video files, and a boundary error in certain PICT files when viewed in Classic's QuickTime PictureViewer application. A full description of each flaw is available in an Apple Knowledge Base security article.
Users with a version of QuickTime that falls under the advisory can address the issue simply by updating to the new version through Software Update, or by downloading and installing the QuickTime 7.0.3 updater.
The downside is that QuickTime Pro 6 keys don't work in QuickTime 7, requiring the purchase of a new US$29.99 license.
Secunia's warning, dated November 4, is a little ill-timed, considering Apple released an update for the noted issues nearly a month ago.