Apple has been presented with yet another security headache by an independent researcher.
Krystian Kloskowski has posted a proof-of-concept exploit for a vulnerability in Apple's QuickTime multimedia software.
The researcher said that a successful attack could enable the remote execution of malicious code.
The exploit targets a flaw in the way QuickTime handles information for streaming media files.
Malformed data could be hidden within a streaming media file to trigger a buffer overflow error, which could allow the attacker to access the system with the privileges of the current user.
Even an unsuccessful attack could crash the QuickTime player, according to Kloskowski.
The exploit exists only as a proof-of-concept sample to verify the existence of the flaw. There have been no reports of any attacks targeting the vulnerability.
Many users will be comforted to know that their choice of browser could prevent the attack. Researchers at Symantec have found that Internet Explorer 6 and 7 do not allow the exploit to run.
"Firefox users are more susceptible because Firefox farms off the request directly to the QuickTime player as a separate process outside its control," wrote Symantec researcher Elia Florio in a company blog.
"As a result, the current version of the exploit works perfectly against Firefox if users have chosen QuickTime as the default player for multimedia formats."
Florio warned that attackers may adjust the exploit to work in other browsers, and advised users to adjust their firewalls to block outbound traffic from TCP 554 and avoid following untrusted links.
This latest vulnerability comes at a difficult time for Apple on the security front. Researchers blasted the company earlier this month for shortcomings in the firewall on the new MacOS X Leopard operating system.
Meanwhile, a Trojan targeting Mac users has continued to flourish on fake codec sites.
Found by calculating the strength of the material deep inside the crust of neutron stars
Can highlight in real-time the relevant regions of an image being described
Double legal trouble for Musk as he also faces civil lawsuit over renewed British pot-holer 'paedo' claims
Battery development could help boost performance of smartphones