Boobytrapped movie files could infect your Mac - patch now!

Mountain LionApple has issued a critical security update for users of Mac OS X 10.6.8 (Snow Leopard), 10.7.5 (Lion) and 10.8.4 (Mountain Lion) that users should install as quickly as possible.

According to details published by Apple, the security update fixes a variety of flaws in which the Mac OS X operating system handles movie files.

In a nutshell, a hacker could boobytrap a movie file in such a way that just viewing it could cause "unexpected application termination" or (gulp!) "arbitrary code execution". That last one, basically means that if you open a maliciously crafted movie file on your Mac computer you could infect it with a Trojan horse or virus.

The vulnerabilities were disclosed to Apple via HP's Zero Day Initiative, a program which pays security researchers cash for disclosing details of vulnerabilities. The hope has to be, of course, that malicious hackers have not also uncovered the vulnerabilities as they could be a profitable way to spread a malware attack and compromise Mac computers.

Mac OS X Security Update

Apple says that it has fixed the problems, which all relate to buffer overflows or underflows, by improving QuickTime's handling of bounds exceptions. But you're only protected against the vulnerabilities if you apply the patch. My recommendation would be to do so as soon as possible, rather than risk your chances.

If you don't want to wait for your Mac to prompt you that there are new security patches available, you can download Security Update 2013-003 directly from Apple's website.

Tags: , , , ,

Subscribe to the free GCHQ newsletter

, , , ,

Special offers & deals

  • Sticky Password Premium: Lifetime Subscription

    Sticky Password Premium: Lifetime Subscription

    Sticky Password protects your online identity by providing strong encrypted passwords for all your accounts, managed by a single master password known by you, and only you. Available for Mac, Windows, iOS, and Android. For a limited time, it's 80% off in our store.
  • IT Security & White Hat Hacking: CompTIA & Cisco Certifications

    IT Security & White Hat Hacking: CompTIA & Cisco Certifications

    Whether you're a beginner or mid-level professional, you'll want to take this comprehensive online course, to help you attain two industry-recognised certifications. You'll master mobile hacking, VPN technologies, penetration testing, and much more--giving you the knowledge you need to succeed in any IT workplace.

More deals...

Leave a reply

Be the first to comment!

Notify of