News 

The integer overflow and heap-based buffer overflow vulnerability affects both the Mac OS X and Windows versions of QuickTime Player 7.0.3 and 7.0.4 and iTunesj 6.0.1 and 6.0.2.

An attacker who successfully exploited the flaw would be able to run code in the context of the logged in user. Most Windows users have admin accounts for day to day use with much greater privileges than Mac users, whose user accounts have limited rights and permissions.

Security company eEye Digital describes the flaw as high in terms of severity.

Apple has yet to issue any patches for the affected software, but will have around two months to issue a suitable fix before it comes under pressure, as the flaw is only at the initial report stage of the process.