Apple issues security update for seven QuickTime flaws
Apple on Wednesday pushed out patches for seven QuickTime vulnerabilities, a sure sign that client-side bugs remain the focus for attackers in 2009.All seven flaws could be exploited to execute arbitrary code when a user is tricked into viewing a maliciously crafted video file, according to an Apple advisory.
Andrew Storms, director of security for network security firm nCircle, said the vulnerabilities are sure to be leveraged in active attacks.
"Weaponized malware that can take advantage of these bugs will more than likely surface as drive-by attacks," he said. "Any user watching internet videos with QuickTime could easily become infected with a single click.
"Vulnerabilities and malware affecting client-side applications continue to rise," he added. "You don't have to look any further than yesterday's huge internet audience watching the Obama inauguration online to get a sense of the potential impact of these vulnerabilities."
Storms said companies need to pay particular attention to updates from Apple because they likely aren't running centralized patch management software, as is offered by Microsoft.
