Get yer patching on.
From eWeek:
Quick on the heels of QuickTime being given the dubious honor of being named one of the year’s 12 scariest applications, Apple has posted security advisories for seven vulnerabilities in the media player, all of which could allow attackers to execute random code on vulnerable systems.
QuickTime is a widely used plug-in for Web browsers running on Mac OS or Windows operating systems.
Symantec reported that there are no exploits out for those seven flaws. But on Nov. 6, Symantec also updated one of its Deep Sight security alerts regarding yet another bug. This one is an arbitrary script execution weakness when processing QuickTime Media Link files (.qtl). For that, proof-of-concept exploit code was first made available in January, with yet more proof-of-concept code coming from security researcher Aviv Raff in September.
Symantec said that .qtl files, which are written in XML, can be opened if the file name includes any of these extensions: .qtl, .mp3, .mp4, .m4a, .mov, .avi or .asf.
Tags: QuickTime, QuickTime Vulnerabilities, QuickTime Exploits
