Boobytrapped movie files could infect your Mac - patch now!


Mountain LionApple has issued a critical security update for users of Mac OS X 10.6.8 (Snow Leopard), 10.7.5 (Lion) and 10.8.4 (Mountain Lion) that users should install as quickly as possible.

According to details published by Apple, the security update fixes a variety of flaws in which the Mac OS X operating system handles movie files.

In a nutshell, a hacker could boobytrap a movie file in such a way that just viewing it could cause “unexpected application termination” or (gulp!) “arbitrary code execution”. That last one, basically means that if you open a maliciously crafted movie file on your Mac computer you could infect it with a Trojan horse or virus.

The vulnerabilities were disclosed to Apple via HP’s Zero Day Initiative, a program which pays security researchers cash for disclosing details of vulnerabilities. The hope has to be, of course, that malicious hackers have not also uncovered the vulnerabilities as they could be a profitable way to spread a malware attack and compromise Mac computers.

Mac OS X Security Update

Apple says that it has fixed the problems, which all relate to buffer overflows or underflows, by improving QuickTime’s handling of bounds exceptions. But you’re only protected against the vulnerabilities if you apply the patch. My recommendation would be to do so as soon as possible, rather than risk your chances.

If you don’t want to wait for your Mac to prompt you that there are new security patches available, you can download Security Update 2013-003 directly from Apple’s website.

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

No comments yet.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.