QuickTime 7.0.3, Macromedia Flash security vulnerabilities reported

Secure OS X reports on two current vulnerabilities -- one affecting QuickTime content on Mac OS X platforms, and the other affecting Mac OS 9 and prior systems.

The first issue relates to a remotely exploitable flaw exists that allows arbitrary code to be executed in the context of the logged in user. The flaw affects various version of QuickTime including 7.0.3. As reported by Secure OS X, the bug theoretically exits under both Mac OS X and Windows editions of QuickTime, though it has yet to be demonstrated on the former.

The second vulnerability resides in Macromedia Flash Player 7 and could allow the execution of arbitrary code. The current version of Macromedia Flash Player (8.0.22.0) contains a fix for the vulnerability, but no such version exists for Mac OS 9 and earlier.

Resources