The fix addresses a vulnerability in the Windows Vista and XP versions of QuickTime, which is commonly installed as a browser plug-in or as a component of iTunes. OS X users are not affected.
Apple said that the problem concerns QuickTime Media Links (QTLs) which are often used to launch media files from browsers.
If a specially crafted QTL is launched, QuickTime can allow access to a command line which could then be used to execute malicious code.
Security researcher Petko D Petkov showed last month how a malformed QTL file could be placed within a web page and disguised as a movie or song file.
When clicked, the links would allow for JavaScript code to run with the privileges of the current user.
The researcher provided several proof-of-concept samples which caused vulnerable machines to display alert boxes, launch arbitrary applications and even shut down.
Although the Apple security notice does not specifically mention the report, a spokesperson confirmed to vnunet.com that the fix addresses the flaw described by Petkov.
Users can obtain the update via the Software Update application or from Apple's support site.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
