Apple has patched seven bugs in QuickTime in the new version 7.3 for Mac OS X and Windows.
All but one of the vulnerabilities would be ranked critical by other vendors, but Apple does not rate flaws or assign an urgency score to patches. Instead, it uses the phrase "arbitrary code execution" to note bugs that could be used by attackers to inject their own malicious software into an unpatched machine.
Two of the seven vulnerabilities are related to QuickTime's rendering of PICT images, one to how the player handles the QTVR (QuickTime Virtual Reality) file format, three to its movie file management, and one to how it works with Java applets.
The six flaws that involve image or video file formats can be exploited by attackers able to dupe users into opening malformed files, while the seventh - the one related to Java - could be used by getting a user to visit a website with a malicious applet. That vulnerability, however, requires the attacker to have some, if only limited, access rights to the target machine, said Apple.
QuickTime can be updated using Mac OS X's built-in Software Update feature, while Windows XP and Vista users can either download QuickTime 8.3 or use the update tool packaged with earlier editions.