Serious unpatched flaws have been discovered in Apple’s QuickTime media player and iTunes music downloading software, which potentially affect millions of Windows PC users.
The flaws have been discovered by internet security company eEye Digital Security, which says the vulnerabilities allow remote attackers to take over a user’s PC.
Apple only launched the latest version of its iTunes software last week, and the flaw affects this version, said eEye.
So far, eEye has only confirmed the flaws in software designed for Windows-based machines. It is still analysing whether Apple’s Mac operating system is also affected.
Apple has not issued a patch against the flaws and has not commented on the problem.
For an attacker to take over a machine, the user must first click on an unsolicited link that launches a media file.
eEye describes the threat as “high risk”, particularly since many users don’t take the same care with opening media files as they do with other content.
The report of a new vulnerability in QuickTime comes just weeks after Apple was forced to patch three security holes in the system.