Apple on Wednesday pushed out patches for seven QuickTime vulnerabilities, a sure sign that client-side bugs remain the focus for attackers in 2009.
All seven flaws could be exploited to execute arbitrary code when a user is tricked into viewing a maliciously crafted video file, according to an Apple advisory.
Andrew Storms, director of security for network security firm nCircle, said the vulnerabilities are sure to be leveraged in active attacks.
"Weaponized malware that can take advantage of these bugs will more than likely surface as drive-by attacks," he said. "Any user watching internet videos with QuickTime could easily become infected with a single click.
"Vulnerabilities and malware affecting client-side applications continue to rise," he added. "You don't have to look any further than yesterday's huge internet audience watching the Obama inauguration online to get a sense of the potential impact of these vulnerabilities."
Storms said companies need to pay particular attention to updates from Apple because they likely aren't running centralized patch management software, as is offered by Microsoft.