Apple has released an update for its QuickTime software to close 12 vulnerabilities. Version 7.7.1 includes 10 fixes for flaws that, if exploited, could lead to arbitrary code execution. Most of the bugs involve memory or buffer overflow issues, whereby viewing a malicious movie file could result in an exploit. The update is available for Windows 7, Vista, XP and later versions.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.
Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.