Apple late Wednesday released an update to its popular media player QuickTime, addressing 11 vulnerabilities that could be exploited by attackers to compromise PCs.
Most of the flaws, ranked "highly critical" by tracking firm Secunia, can be exploited to cause buffer overflows when unsuspecting end-users are tricked into viewing a maliciously crafted video file.
All of the 11 vulnerabilities affect unpatched Windows Vista machines, while nine impact systems running Mac OS X.
This is the third time this year that Apple has pushed out QuickTime updates.
Experts said many attackers are turning to media player exploits because users tend to trust links promising video. As a defense, users are advised not to visit untrusted websites or click on unknown links.
See original article on scmagazineus.com
Apple closes 11 mostly 'highly critical' QuickTime holes
By Dan Kaplan on Apr 4, 2008 10:03AM