Graham Cluley’s blog

Apple has released an updated version of QuickTime (version 7.6.2) which fixes a number of security vulnerabilities. If left unpatched the security holes could be exploited by hackers who could create a booby-trapped movie or audio file, programmed to execute malicious code on computers.

More information about the vulnerabilities in QuickTime can be found on Apple's website.

Curiously, MacWorld is reporting that one of the QuickTime bugs was partially revealed in a book, "The Mac Hacker's Handbook" by Charlie Miller and Dino Dai Zovi, published in March.

In addition to the QuickTime update, Apple has released iTunes 8.2, which addresses a stack buffer overflow which could allow hackers to run code of their choosing on your computer if you clicked on a specially-crafted itms: link.

It's worth pointing out that the updates for iTunes and QuickTime are not just for Mac users, but also for PC owners running Windows Vista, Windows XP Service Pack 2 and later.

Whatever your operating system, it's essential that you keep on top of the latest security patches. Don't dilly-dally - get patched today.

Posted on June 2nd, 2009 by Graham Cluley, Sophos
Filed under: Apple, Malware

                                         

Free virus scan - Download the Sophos Threat Detection Test

Related posts

• Apple patches security holes with Mac OS X updates
• iPhone, iPod Touch, and QuickTime security updates
• Mac users urged to patch Java security holes
• Six security holes fixed in Safari 4.0.3
• Apple update fixes 46 iPhone security vulnerabilities