QuickTime under fire

A recent Apple announcement warned QuickTime users of a number of critical vulnerabilities in its software, says Sophos SA CEO Brett Myroff.

"An update issued by the company addresses 11 vulnerabilities - nine of which can be exploited by hackers to remotely execute malicious code on a targeted computer," says Brett Myroff, CEO of regional Sophos distributor, Sophos SA. "Five of the remote code execution flaws could potentially be exploited by hackers via the use of malicious movie files."

Both Windows and Macintosh users have been advised by Apple to update their QuickTime software, he says.

"There have been numerous QuickTime vulnerabilities discovered in the last few months, and the danger is that hackers will exploit them by fooling computer users into clicking on a link to a movie," Myroff says. "Historically, Windows users have been more at threat from QuickTime vulnerabilities than Mac fans, but it would be sensible for people on either side of the OS divide to make sure their systems are properly secured and patched."

Sophos suggests that every IT manager responsible for security should consider subscribing to mailing lists to keep informed of the latest vulnerability announcements.

Myroff reminds companies of the dangers of hackers breaking into their corporate systems, following an announcement this week from a firm that it has been the victim of a data breach.

"US motoring parts retailer, Advance Auto Parts, has announced on its Web site that hackers have gained access to the financial information of 56 000 of its customers, through an attack which affected 14 of its stores worldwide," he says.

Details of how the information was stolen have not been made public, and the identities of the hackers are currently unknown, says Myroff.

"News of Advance Auto Parts' data breach has followed in the footsteps of other higher profile incidents such as the loss by Hannafords supermarket chain of 4.2 million credit card details, and last year's announcement by TJ Maxx that hackers had stolen information on 45 million credit card transactions.

"Advance Auto Parts joins a growing list of companies who have suffered from an embarrassing data breach, and this news may rattle the confidence of customers," Myroff adds. "All companies would be wise to look long and hard at their own security to make sure that they are doing everything possible to reduce the chances that they will be the next to fall victim."

Trojans that have been noted this week, and affecting Windows users include Troj/Agent-GVJ, Troj/Bifrose-VT, Troj/Delf-FAE, VBS/Psyme-HZ, and Troj/BHODLL-D, Myroff says.

"Computer users should protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses," Myroff concludes.