Patch/Configuration Management, Vulnerability Management

Apple issues security update for seven QuickTime flaws

Share

Apple on Wednesday pushed out patches for seven QuickTime vulnerabilities, a sure sign that client-side bugs remain the focus for attackers in 2009.

All seven flaws could be exploited to execute arbitrary code when a user is tricked into viewing a maliciously crafted video file, according to an Apple advisory.

Andrew Storms, director of security for network security firm nCircle, said the vulnerabilities are sure to be leveraged in active attacks.

"Weaponized malware that can take advantage of these bugs will more than likely surface as drive-by attacks," he said. "Any user watching internet videos with QuickTime could easily become infected with a single click.

"Vulnerabilities and malware affecting client-side applications continue to rise," he added. "You don't have to look any further than yesterday's huge internet audience watching the Obama inauguration online to get a sense of the potential impact of these vulnerabilities."

Storms said companies need to pay particular attention to updates fromApple because they likely aren't running centralized patch managementsoftware, as is offered by Microsoft.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.