Tom Ferris, an independent security researcher, has provided more details on a security flaw in Apple Computer's popular iTunes and QuickTime software that could put systems running Windows and Mac OS X at risk of attack. He first .
An attacker could commandeer a vulnerable computer by tricking a user into opening a malicious ".mov" media file, the Mission Viejo, Calif.-based bug hunter said in an advisory posted on his Security-Protocols.com Web site late Tuesday.
"The vulnerability allows an attacker to cause the program to crash and could allow the execution of arbitrary code," Ferris said. "The flaw exists in all current and earlier versions of iTunes and QuickTime."
Security-monitoring company Secunia rates the issue "moderately critical", while the French Security Incident Response Team, a research outfit, tags it "critical." Apple did not respond to a request seeking comment.
Ferris said he reported the problem to Apple earlier this month. On Dec. 2, he posted only a snippet of information on the flaw on his Web site, followed Tuesday by a complete security advisory, including examples of malformed media files that cause iTunes and QuickTime to crash.
Media player flaws are nothing new. Cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications, the SANS Institute said recently. Apple has had tobefore. eEye Digital Security earlier this month issued an .
For protection, Ferris' recommends that computer users don't open media files, or any file for that matter, from untrusted sources.