Apple is asking Windows users to update their copies of QuickTime following the release of a patch for multiple security vulnerabilities.
The QuickTime 7.7.4 update contains fixes for 12 different CVE-classified security problems. If exploited, the flaws could allow an attacker to remotely install malware on a targeted system.
Among the updates are fixes for remote code execution vulnerabilities in the handling of movie files. The flaws could allow an attacker to use a specially-crafted movie file to target a memory error that would lead the application to crash and potentially allow an attacker to install malware.
Other vulnerabilities addressed in the update include flaws for the handling of MP3 and QTIF files, which could also in theory be used by attackers to target systems for remote code execution attacks.
The company is advising all PC users who run QuickTime on Windows XP, Vista and Windows 7 to install the update with Apple's Software Update utility or through the company's QuickTime download site.
While QuickTime itself has not been a major target for attacks on Windows, malware writers have increasingly looked to browser plugins and media applications as possible backdoors for malware infection. Adobe's Reader platform and Oracle's Java have been found to be even more popular targets for attack than the Windows operating system itself.
Because the flaws can be targeted through the web with automated attacks, malware writers often prefer to target media players and browser plugins for drive-by malware installations.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago