The new flaw affects both Apple’s QuickTime 7.5.5 and iTunes 8.0 software and can be used to crash browser applications.
In addition, the vulnerability could offer hackers a door through which they’d be able to inject hostile code onto vulnerable systems. Researchers have yet to be 100% sure of this scenario and they currently rate it as “possible”.
In order to successfully exploit the new flaw, the surfer must be tricked ito open a maliciously constructed QuickTime tag contained on a web page or embedded in an MP3 and video clip file.
Apple has yet to offer any information on how soon it will release a patch. According security clearing house US CERT, the flaw affecting iTunes and QuickTime is a high risk bug.