Apple is asking Windows users to update their copies of QuickTime following the release of a patch for multiple security vulnerabilities.
The QuickTime 7.7.4 update contains fixes for 12 different CVE-classified security problems. If exploited, the flaws could allow an attacker to remotely install malware on a targeted system.
Among the updates are fixes for remote code execution vulnerabilities in the handling of movie files. The flaws could allow an attacker to use a specially-crafted movie file to target a memory error that would lead the application to crash and potentially allow an attacker to install malware.
Other vulnerabilities addressed in the update include flaws for the handling of MP3 and QTIF files, which could also in theory be used by attackers to target systems for remote code execution attacks.
The company is advising all PC users who run QuickTime on Windows XP, Vista and Windows 7 to install the update with Apple's Software Update utility or through the company's QuickTime download site.
While QuickTime itself has not been a major target for attacks on Windows, malware writers have increasingly looked to browser plugins and media applications as possible backdoors for malware infection. Adobe's Reader platform and Oracle's Java have been found to be even more popular targets for attack than the Windows operating system itself.
Because the flaws can be targeted through the web with automated attacks, malware writers often prefer to target media players and browser plugins for drive-by malware installations.
Kicking Palantir off of AWS is among their demands, too
Rafaela Vasquez was watching The Voice at the time of the crash, new evidence shows
PUBG price slashed on Steam after selling more than 50 million copies - as daily player numbers plunge
Use the same password for every website? It might be time to change them all