New vulnerability discovered in Apple's software tool

Nov 15, 2007 07:44 GMT

A new vulnerability has been discovered in Apple's QuickTime that could enable an attacker to execute arbitrary code on affected systems, SecurityFocus reported today. More importantly, successful exploitation requires user interaction: the victim has to visit a malicious page or click on a dangerous file. The only affected product is QuickTime 7.2, so updating to the 7.3 release is supposed to keep users safe from attacks. Apple was already informed about the flaw and released a security notification with more information about the QuickTime issue.

Referring to the QuickTime 7.3 security content, Apple wrote that the improvements concern Mac OS X 10.3.9, Mac OS X 10.4.9, Mac OS X 10, Windows Vista and Windows XP SP2.

"A memory corruption issue exists in QuickTime's handling of image description atoms. By enticing a user to open a maliciously crafted movie file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of QuickTime image descriptions," Apple mentioned in one of the descriptions. "Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution," Apple continued.

As I said, you can avoid successful exploitation of the reported flaw by updating to QuickTime 7.3, also available on Softpedia here.

QuickTime has always been a popular piece of software, especially among Mac users, because the application comes as the default tool for viewing or playing multimedia files. Windows users have also adopted the program, and QuickTime quickly became one of the most important utilities for Microsoft customers. That's why it's important to stay up to date with the latest vulnerabilities, security flaws and releases, which is the only way to avoid attacks and successful exploitation of such flaws.

For more information about the 7.3 release, you can read the Apple notification available here.