James Delahunty
6 Apr 2008 22:02
Apple Inc. has issued a security patch that addresses eleven security vulnerabilities with its QuickTime multimedia playback software. Of the eleven security problems addressed, nine could potentially be used by a malicious user to run malicious code on a victim's computer. Eight of the vulnerabilities affect both Mac OS X and Windows versions of the software, while the remaining three are exclusive to Windows XP SP2 and Vista.
The worst flaws can be exploited with a specially crafted movie file, often delivered to unaware used through email messages. Due to the wide and cross-platform distribution of the QuickTime software, it is a constant target of crackers who use the discovered vulnerabilities to hijack machines.
In 2007, Apple fixed 34 QuickTime vulnerabilities, after fixing 28 QuickTime holes in 2006. So far this year, the tally is up to 16 specific QuickTime fixes. This latest fix comes shortly after security researchers managed to compromise a MacBook Air laptop using a zero-day vulnerability, taking advantage of a hole in Apple's Safari 3.1 Web browser.