Apple Quicktime Infected

February 2009

Apple issues critical QuickTime security update. Apple issued a critical QuickTime security update, aimed at resolving vulnerabilities in its media player that could potentially allow a malicious attacker to take control of a user’s computer, according to an Apple advisory released last week. Users running QuicTime 7 for Windows, or OSX, are affected, as well as those who are using Mac OS X 10.4 or Mac OS X 10.5, according to Apple. Apple is advising users to update to QuickTime 7.6, with QuickTime 7.6 for Windows, or QuickTime 7.6 for Leopard, or QuickTime 7.6 for Tiger. The update seeks to address QuickTime security flaws which could potentially allow a malicious attacker to launch a buffer overflow and execute arbitrary code on a user’s system. The attack could potentially occur via a maliciously crafted movie file, AVI movie file, QTVR movie file, or an RTSP URL, according to Apple. Security researcher Secunia, in its security advisory on January 22, noted the vulnerabilities are considered “highly critical.”