Apple has released an update to its QuickTime media player, fixing a number of critical security bugs in the software.
The QuickTime 7.3 update, released Monday, fixes seven bugs in the software. Six of the flaws could allow an attacker to run unauthorized software on a victim's PC. To do this, the attacker would first need to trick the victim into viewing a maliciously crafted movie or image file, Apple said.
The seventh flaw lies in QuickTime for Java, and it could be used to gain access to sensitive information or to run Java applets with elevated privileges, Apple said. The QuickTime patches issued Monday are for the latest versions of the Mac OS X operating system as well as Windows Vista and XP.
None of the bugs had been previously disclosed to the public, said Andrew Storms, director of security operations with nCircle Network Security.
In the past year, QuickTime has been closely scrutinized by security researchers, and this latest update was Apple's fifth QuickTime security fix for the year. The previous update, QuickTime 7.2, released in July, featured eight bug-fixes.
Apple credited outside researchers from companies like Adobe, Verisign, and 3Com for reporting the bugs it patched Monday.
"QuickTime seems to have become a new flavor of the month for researchers," Storms said. "I think part of the reason for the attention is that its cross platform. Many of the attacks will work on both Windows and Mac, and with Apple's market share in the PC market growing, there won't be any let-down to the attention that the hackers are giving Apple."

Sign up to receive Security Resource Alerts
A comprehensive security management solution can help you streamline, as well as grow, your current or evolving business. In this way, a strategic security approach can help you increase your competitiveness in these challenging market conditions.
Download now! »Find out how you can effectively collect, normalize and archive enterprise-wide, security-related data that is invaluable for security investigation and compliance reporting.
Download now! »This session focuses on the intersection of role management and identity compliance, and addresses the importance of identity compliance in enterprise governance and the challenges that organizations may face in achieving it.
View now! »