Apple plugs eight QuickTime holes

Vulnerabilities in Apple's widely used QuickTime media player software can expose both Macs and Windows PCs to attack.

Apple on Monday released updates to its QuickTime media player software to repair eight serious security vulnerabilities.

The vulnerabilities expose both Macs and Windows PCs to cyberattack, Apple said in a security alert. In all cases, an attacker could craft a malicious file which, when opened with QuickTime, could give the miscreant full control over a computer running the software, Apple said.

The problems lie in the way QuickTime handles a number of formats. The security updates repair problems in the way the software handles QuickTime, MIDI, 3GP, PICT and QTIF files, according to the Apple alert.

The fixed version of QuickTime is release 7.1.5. Along with the fixes, the latest version also includes some functionality improvements, Apple said. The update is available for download from Apple's Web site or through the Apple update feature, the company said.

Apple regularly issues patches for QuickTime. In January, the Mac maker put out a fix for a zero-day flaw that was released as part of the "" project.

Security researchers have increasingly been targeting applications such as QuickTime in recent months. With operating systems becoming more secure, widely used programs such as media players, instant-message tools and antivirus shields have become popular hacker targets, pundits have said.

Featured Video

Why do so many of us still buy cars with off-road abilities?

Cities are full of cars like the Subaru XV that can drive off-road but will never see any challenging terrain. What drives us to buy cars with these abilities when we don't really need them most of the time?

by Drew Stearne