Apple Releases Security Update to Fix Bugs in QuickTime
On January 21, 2009, Apple released an update for QuickTime to patch seven security flaws. An advisory from the company said that these flaws could be used to execute arbitrary code by tricking a user into opening a malware-laden file.
Apple said that all seven flaws are very dangerous. An attacker can run a program of his choice on an affected system by persuading the end user to open a specially constructed media or video file. The security update is available for both PC and Mac editions of the software and addresses both performance and security issues.
Security experts at Apple said that the vulnerabilities certainly indicate that attackers' focus this year (2009) is on client-side loopholes. According to Andrew Storms, Director for Network Security at nCircle, a security company, these flaws are certainly going to be leveraged for active attacks, as reported by SCMagazine on January 21, 2009.
Storms said that hostile malware exploiting these security flaws is likely to emerge as drive-by attacks. Whenever a user watches online movies using QuickTime, he would easily be infected with just one click.
According to Microsoft's latest "Security Intelligence Report", during the first six months of 2008, a flaw in QuickTime represented the 3rd and 4th most exploited browser bug on Windows Vista and XP operating systems.
Security experts have cautioned QuickTime users, particularly on Windows, not to waste time before installing the new update. Meanwhile, because QuickTime is so popular and seldom updated, the application has increasingly attracted the attention of hackers, who create and trade automated toolkits of attack code.
In addition, the experts disclosed that hackers commonly insert these attack toolkits into compromised websites. Every time a user accesses a hacked site, the attack toolkit checks whether the Web browser plug-ins are still vulnerable to the flaws. It then delivers attack code for the first bug it comes across to quietly infect the visitor's computer with malware.
» SPAMfighter News - 28-01-2009