Windows users of QuickTime, Apple's popular media player software, need to apply an update following the discovery of a serious security bug.

The vulnerability allows hackers to inject malicious code onto vulnerable systems providing users are tricked into opening a maliciously-constructed QTL (QuickTime Link) file. These files could be hosted on websites and disguised as links to movie clips or smut.

Apple published an update on Wednesday for QuickTime 7.2 on Windows Vista and XP SP2 that fixes the flaw. Users of QuickTime for Mac OS X are immune to the bug.

In a security notice, Apple explains the bug stems from flaws in the way Windows versions of QuickTime handle URLs in the qtnext field of QTL files. The fix involves improving the handling of these URLs. ®

Related stories

• Media player users beware: more vulns ahead (10 December 2007)
• Latest QuickTime Exploit targets both Macs and PCs (29 November 2007)
• QuickTime streaming media exploit targets unpatched bug (26 November 2007)
• Leopard security bug puts Mail users at risk (20 November 2007)
• With one bound, Apple is free of 54 security bugs (15 November 2007)
• QuickTime update fixes code-execution holes (6 November 2007)
• Doomwatchers sound Windows and IE vuln alarm (19 September 2007)
• Apple patches more than a dozen holes in OS X (25 May 2007)
• Updated QuickTime, not Safari, to blame for MacBook vuln (25 April 2007)
• MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
• Apple QuickTime update lances multiple bugs (6 March 2007)
• Apple apps not ready for Vista (9 February 2007)