The fix addresses a vulnerability in the Windows Vista and XP versions of QuickTime, which is commonly installed as a browser plug-in or as a component of iTunes. OS X users are not affected.
Apple said that the problem concerns QuickTime Media Links (QTLs) which are often used to launch media files from browsers.
If a specially crafted QTL is launched, QuickTime can allow access to a command line which could then be used to execute malicious code.
Security researcher Petko D Petkov showed last month how a malformed QTL file could be placed within a web page and disguised as a movie or song file.
When clicked, the links would allow for JavaScript code to run with the privileges of the current user.
The researcher provided several proof-of-concept samples which caused vulnerable machines to display alert boxes, launch arbitrary applications and even shut down.
Although the Apple security notice does not specifically mention the report, a spokesperson confirmed to vnunet.com that the fix addresses the flaw described by Petkov.
Users can obtain the update via the Software Update application or from Apple's support site.
.png&h=140&w=231&c=1&s=0)
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
Private AI vs Public AI: How your organisation can securely adopt AI without compromise and excessive cost
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
