VULHUB ™

A vulnerability has been reported for QuickTime where an attacker may use the updating facility to install malicious software on the vulnerable system. When updating the software, QuickTime uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the user requesting the updates.

A vulnerability has been reported for QuickTime where an attacker may use the updating facility to install malicious software on the vulnerable system. When updating the software, QuickTime uses HTTP, without any authentication, to obtain updates from Apple. Any updated packages are installed on the system as the user requesting the updates.