For the seventh time this year, Apple has distributed a new set of patches for its QuickTime movie player -- both the Mac and PC versions. Unpatched versions of the utility could open the user up to a malware attack, the Mac maker said. The number of patches Apple has issued for QuickTime are unusually high for Apple, according to Mike Haro, senior security consultant at Sophos.
Are you making the most of your CRM tool? Download the complimentary Angel.com white paper "Five Ways to Put Your CRM to Work for You and Your Customers" to learn how a voice-enabled CRM solution will help you take advantage of the telephone as a sales, marketing, service and support channel.
Apple (Nasdaq: AAPL) 
released another version of its QuickTime digital media player Monday. The latest edition of the application corrects seven potentially harmful security 
vulnerabilities discovered in previous versions of the software, QuickTime 7.2 and earlier.
Users of Windows XP and Windows Vista as well as users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later and Mac OS X v10.5 should download and install the QuickTime 7.3 update, according to Apple.
This is the seventh update Apple has released for QuickTime in 2007. Just one month ago, Apple released a fix for a critical flaw in the Windows version of the media player.
The number of patches Apple has issued for QuickTime are unusually high for the Mac maker, Mike Haro, senior security consultant at Sophos , said. However, he cannot say whether the difficulties Apple is having with QuickTime are a consequence of its cross-platform use in both Macs and PCs.
"It is unclear to me as to why there are an unusual amount of patches for this vulnerability," he told MacNewsWorld. "It appears as if they are applying different patches to newly realized ways that this vulnerability can be exploited.
"But [cross-platform applications such as QuickTime and Safari] do represent enough of a target that hackers could see a reason to focus on infecting those users," Haro added.
Six of the vulnerabilities could permit an attacker to install malware on a user's computer -- Mac or PC. Attackers exploit the flaw by enticing users to open a maliciously crafted movie or image file, according to Apple.
The seventh security bug deals with QuickTime for Java . These "multiple vulnerabilities" may enable "untrusted Java applets" elevated privileges. This could open the door for unauthorized access to sensitive personal information.
The vulnerabilities highlight the need for both Mac and PC owners to make sure that they have the latest patches.
"[Users need to] patch, patch, patch," Natalie Lambert, a Forrester Research analyst, told MacNewsWorld.
Repeated fixes aside, Haro said, Apple deserves a pat on the back for continuing to try and resolve this problem.
"Apple should be applauded for staying on top of the problem," he stated.
Next Article in Exploits & Vulnerabilities:
Security Flaw Doesn't Discriminate
Print Version
E-Mail Article
Reprints
More by Walaika Haskins
Related News Alerts
Related Resources
More Stories by Walaika Haskins
Talkback: