Little is known at the moment, but users should take care with .mov files...

Dec 21, 2005 17:42 GMT

A new flaw has been discovered in QuickTime and iTunes that malicious users can potentially exploit to cause a Denial of Service (DoS).

"The vulnerability is caused due to an error in handling malformed '.mov' files. This can be exploited to cause memory corruption, which causes the program to crash. It has been reported that arbitrary code execution may be possible. However, this has not been confirmed," reports security site Secunia.

The flaw, discovered by Tom Ferris, has been confirmed in Apple QuickTime Player 7.0.3 and iTunes 6.0.1.3.

At this moment it is still unclear how serious this newly discovered flaw is, as the execution of arbitrary code has yet to be confirmed; it also has yet to be determined whether the flaw affects other versions of QuickTime and/or iTunes. For now, Secunia lists the flaw as "moderately critical" with an "unknown impact".

It is recommended that, until more information is unearthed, users play only .mov media files from sources that can be trusted. This will serve to prevent any potential abuse of this flaw until an exact analysis of its extent can be made and Apple issues a security update.