We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

'Critical' Quicktime bug fixed by Apple

Windows and Mac OS X exploit tackled

Apple has released a security fix for its QuickTime media player software, fixing a critical bug that had been worrying security experts for nearly a month.

The update fixes a vulnerability in the Real Time Streaming Protocol (RTSP) used by QuickTime to handle streaming media. It also repairs a previously reported incompatibility between QuickTime 7.4 and Adobe Premiere and After Effects, according to an Apple spokesman.

Researcher Luigi Auriemma disclosed the flaw on January 10 by posting proof-of-concept attack code that could be used to run unauthorised software on a victim's computer. For the attack to work, the criminal would have to first trick the user into viewing a maliciously encoded QuickTime media file.

With the attack code available, security researchers had been hoping that Apple would address the flaw. Wednesday's QuickTime 7.4.1 update is for both the Mac OS X and Windows operating systems.

It's Apple's fifth QuickTime update since October. The company has been forced to issue the flurry of patches as security researchers have taken a closer look at media player flaws during the past year. In December, Apple patched a separate RTSP vulnerability, which online criminals had already started to use in their attacks.

"In the past few months, QuickTime has been a prevalent target for security researchers," said Andrew Storms, director of security operations with nCircle Network Security. "Internet media applications on the desktop have been a rich target for attackers and this trend is sure to continue as most users aren't yet accustomed to attacks arriving in the form of a viral video."

For more PC security news, reviews and tutorials, see Security Advisor


IDG UK Sites

Nexus 6 vs Sony Xperia Z3 comparison: Lollipop phablet takes on KitKat flagship smartphone

IDG UK Sites

Why people aren't upgrading to iOS 8: new features are for power users, not the average Joe

IDG UK Sites

Free rocket & space sounds: NASA launches archive of interstellar audio on SoundCloud

IDG UK Sites

iPad Air 2 review: Insanely fast and alarmingly thin. Speed tests, camera tests, beautiful...