Apple Inc. has patched a number of critical flaws in its QuickTime media player.
With the 7.2 update, users can now view videos on the full screen with the QuickTime player, but the software also contains a number of critical security fixes. In total, Apple has addressed eight security vulnerabilities with the release, which was made public on Wednesday.
Four of the flaws are due to memory corruption or integer overflow bugs that could cause the viewer to crash if QuickTime were used to view maliciously crafted movies or files. Another three critical flaws relate to design issues in QuickTime for Java. Attackers could theoretically exploit these flaws by posting malicious Java applets on a Web site, where they could then compromise a victim's computer.
A final QuickTime for Java bug could "lead to the disclosure of sensitive information," Apple said in its security alert on the update.
Also on Wednesday, Apple pushed out a new release of its iTunes music software that fixes "a minor problem with iTunes 7.3 accessing the iTunes Library," the company said.
The QuickTime and iTunes updates are available for download by both Windows and Mac OS X users.