A security researcher has discovered a flaw in older versions of Apple's QuickTime plug-in, which makes Internet Explorer users vulnerable to a drive-by attack.
According to Reuters, the vulnerability affects users running QuickTime 7.x or the older QuickTime 6.x with the IE web browser on Windows XP, Vista and Windows 7, regardless of the version.
The Spanish security researcher, Ruben Santamarta, explained that it was easy for hackers to exploit this vulnerability simply by duping users into visiting a malware-laden website.
Santamarta discovered the flaw after using one of his own exploit codes, which proved effective because Apple forgot to check the system for vulnerabilities after developers dropped the '_Marshaled_pUnk' function from QuickTime.
The advisory released by the security expert explained: "Although this functionality was removed in newer versions, the parameter is still present. Why? I guess someone forgot to clean up the code."
Users are advised to remove the QuickTime plug-in from their IE web browser until Apple decides to do something about the flaw.