Apple plugs eight QuickTime holes

Vulnerabilities in Apple's widely used QuickTime media player software can expose both Macs and Windows PCs to attack.
Written by Joris Evers, Contributor
Apple on Monday released updates to its QuickTime media player software to repair eight serious security vulnerabilities.

The vulnerabilities expose both Macs and Windows PCs to cyberattack, Apple said in a security alert. In all cases, an attacker could craft a malicious file which, when opened with QuickTime, could give the miscreant full control over a computer running the software, Apple said.

The problems lie in the way QuickTime handles a number of formats. The security updates repair problems in the way the software handles QuickTime, MIDI, 3GP, PICT and QTIF files, according to the Apple alert.

The fixed version of QuickTime is release 7.1.5. Along with the fixes, the latest version also includes some functionality improvements, Apple said. The update is available for download from Apple's Web site or through the Apple update feature, the company said.

Apple regularly issues patches for QuickTime. In January, the Mac maker put out a fix for a zero-day flaw that was released as part of the "Month of the Apple Bugs" project.

Security researchers have increasingly been targeting applications such as QuickTime in recent months. With operating systems becoming more secure, widely used programs such as media players, instant-message tools and antivirus shields have become popular hacker targets, pundits have said.

Editorial standards