Apple late Tuesday released an update to QuickTime for Mac and Windows. The Version 7.5 release patches a number of holes that were open to malicious attacks.
Several of the patches fixed problems with handling PICT images, which could lead to arbitrary code execution. One of them was for the Windows version of QuickTime; the Mac version wasn't exposed to this risk.
Another problem was with embedded URLs in QuickTime files.
Description: A URL handling issue exists in QuickTime's handling of file: URLs. This may allow arbitrary applications and files to be launched when a user plays maliciously crafted QuickTime content in QuickTime Player. This update addresses the issue by revealing files in Finder or Windows Explorer rather than launching them.
In addition, the update fixes a bug with the handling AAC-encoded files. Apple said QuickTime will now perform additional validation of media files.