QuickTime hole waiting to be filled in

A critical hole in Apple Computer's QuickTime media player has been identified and is waiting on a patch from the vendor.

The vulnerability rated at "high severity" by eEye Digital Security -- the company that discovered it -- enables malicious code to be run on someone's machine "with little user interaction". The hole exists across all versions of QuickTime and is present in the software's default settings, increasing the risk of the hole being used by hackers.

Apple was informed on Feb. 18 and is working on a patch. EEye has stuck the problem in its upcoming advisories, complete with a bar chart showing that with only fifteen days having passed since the bug was discovered, Apple users have not yet passed into dangerous territory.

The same cannot be said for Microsoft however. EEye has flagged up no less than three high severity problems with Microsoft software all of which are well past the maximum 60-day level that eEye feels is appropriate. It was eEye you'll remember that discovered the critical ASN flaw in Windows last month.

Join the newsletter!

Error: Please check your email address.

More about Apple ComputereEye Digital SecurityMicrosoft

Show Comments
[]