For QuickTime

Jul 12, 2007 13:48 GMT

The famous application QuickTime is in the spotlight again because its parent company, Apple, has discovered some highly critical vulnerabilities that must be patched to prevent successful exploitation by attackers. According to the Cupertino firm, the flaws were confirmed in both the Windows and Mac versions of the application and can be exploited by opening a dangerous movie file. It seems that hackers can easily take advantage of the vulnerability when the consumer visits a malicious website that the attackers have modified with special code.

"A memory corruption issue exists in QuickTime's handling of H.264 movies. By enticing a user to access a maliciously crafted H.264 movie, an attacker can trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of QuickTime H.264 movies," Apple mentioned in a security advisory released today.

This is not the first time QuickTime has been vulnerable to attacks in which a simple security flaw might harm the entire computer. In the past, the multimedia player was affected by a lot of similar holes, but this time it is something different. As you can see, the vulnerability can be exploited by tricking users into clicking on a dangerous video file, which is exactly the kind of file QuickTime is supposed to open. As usual, you can be a little paranoid and avoid exploitation of the vulnerabilities by refusing to click on unknown or untrusted video files.

"An integer overflow vulnerability exists in QuickTime's handling of .m4v files. By enticing a user to access a maliciously crafted .m4v file, an attacker can trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of .m4v files," Apple says, describing a security flaw that concerns the video formats supported by QuickTime.