Mac maker Apple released an update on Monday for QuickTime that patches nine flaws (corrected) in the Windows version of the program, including eight flaws that also affect QuickTime for the Mac OS X. The security vulnerabilities occurred in how the program handles a variety of different media formats, including movie files, third-generation partnership project (3GPP) files, QuickTime image files (QTIF), and Picture (PICT) files. Exploiting any of the nine flaws could allow an attacker to run code on the target's PC or Mac, the company stated in an advisory. Media files have increasingly become a vector for attacks. The update for the widely-used media software comes a week after a security researcher took Apple to task for its handling of security flaws. In January, two researchers also targeted Apple with a month dedicated to disclosing bugs in the company's products on a daily basis. The Month of Apple Bugs reported a number of QuickTime issues. Five of the flaws were found by researchers at McAfee's antivirus labs. Three issues appear to have been independently reported by two or more researchers. The update will be downloaded and installed through the Mac OS X's Software Update facility, if the preferences have been set to allow automatic updating. For Windows users, the latest version of QuickTime can be downloaded from Apple's Web site. www.securityfocus.com
