Apple plugs security holes in QuickTime and iTunes

by Graham Cluley on June 2, 2009 | Comments Off

Filed Under: Apple, Vulnerability

Apple has released an updated version of QuickTime (version 7.6.2) which fixes a number of security vulnerabilities. If left unpatched the security holes could be exploited by hackers who could create a booby-trapped movie or audio file, programmed to execute malicious code on computers.

Mac Security Update

More information about the vulnerabilities in QuickTime can be found on Apple's website.

Curiously, MacWorld is reporting that one of the QuickTime bugs was partially revealed in a book, "The Mac Hacker's Handbook" by Charlie Miller and Dino Dai Zovi, published in March.

In addition to the QuickTime update, Apple has released iTunes 8.2, which addresses a stack buffer overflow which could allow hackers to run code of their choosing on your computer if you clicked on a specially-crafted itms: link.

It's worth pointing out that the updates for iTunes and QuickTime are not just for Mac users, but also for PC owners running Windows Vista, Windows XP Service Pack 2 and later.

Whatever your operating system, it's essential that you keep on top of the latest security patches. Don't dilly-dally - get patched today.

Tags:

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.