A critical hole in Apple Computer's QuickTime media player has been identified and is awaiting a patch.
The vulnerability rated at "high severity" by eEye Digital Security, enables malicious code to be run on someone's machine "with little user interaction".
The hole exists across all versions of QuickTime and is present in the software's default settings, increasing the risk of the hole being used by hackers.
Apple was informed on 18 February and is working on a patch. eEye has stuck the problem in its upcoming advisories, complete with a bar chart showing that with only 15 days having passed since the bug was discovered, Apple users have not yet passed into dangerous territory.
eEye has flagged up no less than three high severity problems with Microsoft software, all of which are well past the maximum 60-day level that eEye feels is appropriate. eEye discovered the critical ASN flaw in Windows last month.
Kieren McCarthy writes for Techworld.com