Apple repairs QuickTime flaw

Apple Inc. has repaired a "highly critical" flaw that could allow an attacker to hijack computers running on the company's Mac OS X and Microsoft Corp.'s Windows operating systems.

The companyreleased a fix Tuesday for a weakness in QuickTime for Java commonly used to view or listen to media files online that could let an attacker seize control of a computer after a would-be victim visits a specially crafted website, which they might be lured to through an e-mail, for example.

"By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution," Apple said in a security advisory posted on its website. This means software could be activated giving a hacker control of, or access, to the computer.

The previously unknown vulnerability affects QuickTime versions 7 and earlier, and was discovered as part of a hacking challenge at the CanSecWest computer security conference in Vancouver in April.

Danish computer security firm Secunia ApS ranked the flaw "highly critical," its second-highest rating on a five-point scale.

Mac users who have enabled the Mac OS software update feature will automatically receive the patch when they connect to the internet. The fix for QuickTime 7.1.6 for Mac and Windows machines can be also downloaded from Apple's website.

Apple also Tuesday released an upgraded version of a security repair issued in April.

Version 1.1 of Apple's Security Update 2007-04 addresses problems introduced to the AirPort Wi-Fi connection and FTPServer file-transfer.

The problems include wireless connections being dropped and the ability for people with FTP access to view file directories beyond ones that are normally permitted.