Apple Monday urged users of its QuickTime media player to upgrade to the latest version to correct multiple security flaws attackers could exploit to run insidious code on targeted machines by luring the user to a malicious Web site.
The French Security Incident Response Team (FrSIRT) rated the flaws critical in an 0825 advisory. It described the flaws as:
The flaws affect Apple QuickTime 7.1.4 and prior. The solution is to upgrade to QuickTime 7.1.5.
Apple had previously updated QuickTime in January to fix a flaw that left users' machines open to bot infections.
That flaw was disclosed at the start of the year by the vulnerability researcher known as LMH. The researcher disclosed a variety of Apple flaws as part of his "Month of Apple Bugs" project.