QT, iTunes security flaw

A could allow malicious users to compromise users' systems, according to a new report. Security site Secunia says that a vulnerability in Apple's QuickTime 7.03 player and iTunes 6.01.3 could be exploited by malicious users to cause a DoS (Denial of Service) attack. The site, however, says the "moderately critical" vulnerability has an "unknown impact" and was unable to confirm arbitrary code execution. It is also not known if the bug affects older versions of QuickTime and/or iTunes. "The vulnerability is caused due to an error in handling malformed ".mov" files. This can be exploited to cause memory corruption, which causes the program to crash." The site recommends that users not open .mov media files from untrusted sources to avoid exposing the flaw until Apple issues an update.

by MacNN Staff