Fix Flash and QuickTime media danger

Media players are a necessary part of today’s digital-entertainment world, but they give crooks another entry into your system. Case in point: critical holes found in Adobe’s Macromedia Flash Player and in Apple’s QuickTime media player. An exploit of either bug could enable hackers to hit you with a drive-by malware download.

This article appears in the October 06 issue of PC Advisor, which is available now in all good newsagents.

Bugged versions of Flash Player 4.0, 5.0 and 6.0 accompanied virtually every copy of Windows, from the first edition of Windows 98 right up to XP SP2. The only exceptions are Windows 2000, XP Pro x64 and Windows Server 2003. All versions before 8.0.22 are at risk.

Because of this vulnerability, simply viewing a poisoned website or email message containing a doctored Flash movie (.swf) file will crash the player through a buffer overflow, and the corrupted file can run any command its perpetrator wants, such as downloading spyware or erasing files.

No attacks had been reported at the time of writing, but don’t take any chances. Update the Microsoft-redistributed versions via Automatic Updates or, if you’ve already upgraded from older versions, get version 9.0 (Windows only) from Adobe at www.adobe.com/products/flashplayer.

QuickTime holes

Meanwhile, Apple has patched 12 critical holes in its own player with QuickTime 7.1 (for Windows and Mac OS).

As with the Flash bugs, these vulnerabilities could cost you control of your PC if you view a poisoned media file in QuickTime. Here, though, a range of movie and image file types may be used, including Jpeg, bitmap, AVI, Mpeg and QuickTime.

Beware Word documents

Crooks have targeted a serious hole in Microsoft Word, sending corrupted .doc files in email attachments to invade vulnerable PCs. Some of the email messages have subject lines such as ‘Notice’ and ‘RE: Plan for final agreement’.

Microsoft has patched the vulnerability in Word XP and Word 2003. The patch has been available via Automatic Updates since June 06.

So far, the number of known attacks is small but, as always, be extra careful with email attachments, even if they purport to be from someone you know.
