Apple has fixed a number of nasty bugs in its QuickTime media player.
The fixes cover a total of five flaws in the player that could be used by attackers to run unauthorised code on a Max OS X or Windows computer running QuickTime.
Attackers can exploit the bugs by tricking a user into viewing a maliciously crafted image or media file with the QuickTime Player, Apple said.
Kyle Haugsness of the SANS Internet Storm Center was stunned by the size of the hole. "A maliciously-crafted GIF/TIFF/TGA/QTIF image or multimedia file may result in arbitrary code execution. Well that pretty much covers the whole Web browsing thing."
Image-related security vulnerabilities have grabbed a lot of attention lately, thanks in large part to a WMF (Windows Metafile) bug that hackers were exploiting last week.
The WMF bug eventually gathered so much attention that on Thursday Microsoft took the unusual step of patching it several days ahead of its regularly scheduled security software update. That regular update occurred today for UK users.