Apple has released an update to QuickTime for Mac OS X 10.3.9 and later, Windows XP, and Windows Vista. QuickTime 7.1.5 fixes numerous bugs, along with a flaw that could enable a maliciously crafted file to crash a program employing QuickTime or to allow arbitrary code execution - a phrase that often means there's a potential for an attacker to gain control of a computer or, at least, install malware.

Affected file types are broad: 3GP videos, MIDI files, native QuickTime movies, images in the venerable PICT file format, and QTIF files. Apple's notes indicate that a user need only open a maliciously crafted file, which means that Web sites could be used to launch attacks by embedding QuickTime documents in the right format.

There have been no reports of this flaw being exploited in the wild. A previous QuickTime flaw related to handling of JavaScript was exploited, notably on MySpace. Apple claims to have provided a temporary fix to MySpace, but it's unclear if that fix has made it into QuickTime 7.1.5.