Apple is pushing out its Security Update 2013-003 to users, fixing a trio of vulnerabilities that affect Apple’s QuickTime media player. What’s even more surprising is that the vulnerabilities were all reported to Apple via HP’s Zero Day Initiative (ZDI), and all have previously been patched on Windows.
The three vulnerabilities all involve a user playing or viewing some form of maliciously crafted video file that could potentially enable an attacker to execute arbitrary code.
HP’S ZDI group pays security researchers for their vulnerability disclosures. ZDI then works with vendors to disclose the flaws in a responsible manner.
Scott Lambert, director of Threat Research for HP Security Research (HPSR), explained to eSecurity Planet that due to its popularity in both enterprise and consumer environments, QuickTime is one of the prevalent technologies that HP Zero Day Initiative works to protect through its responsible disclosure program.
“We work closely with Apple to share critical vulnerabilities that are identified by the independent research community, and as a result, 12 of these vulnerabilities have been patched this year in QuickTime alone,” Lambert said.
Read the full story at eSecurity Planet:
Apple Updates Mac OS X for QuickTime Vulnerabilities
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.