Apple issues security update for seven QuickTime flaws

Apple on Wednesday pushed out patches for seven QuickTime vulnerabilities, a sure sign that client-side bugs remain the focus for attackers in 2009.

All seven flaws could be exploited to execute arbitrary code when a user is tricked into viewing a maliciously crafted video file, according to an Apple advisory.

Andrew Storms, director of security for network security firm nCircle, said the vulnerabilities are sure to be leveraged in active attacks.

"Weaponized malware that can take advantage of these bugs will more than likely surface as drive-by attacks," he said. "Any user watching internet videos with QuickTime could easily become infected with a single click.

"Vulnerabilities and malware affecting client-side applications continue to rise," he added. "You don't have to look any further than yesterday's huge internet audience watching the Obama inauguration online to get a sense of the potential impact of these vulnerabilities."

Storms said companies need to pay particular attention to updates from Apple because they likely aren't running centralized patch management software, as is offered by Microsoft.
