Users of Apple's QuickTime media player need to upgrade or face a potentially critical attack, Danish security testing firm Secunia has warned in an online advisory. 

Hackers could craft a special .mov file which could be used to attack two flaws in the player. Two further critical flaws can be found in the Null pointer code, and when handling Pict files.

QuickTime versions 6.5.2 and 7.0.1 are vulnerable, but the latest version of the software, available for download here, fixes the problems. 

The vulnerabilities were first discovered by independent security expert Piotr Bania.