According to Intego, the problem is with the "quicktime type" tag and its inability to handle longs strings. Researchers say any application that uses QuickTime is susceptible to the flaw. This includes applications like iTunes, Safari, Firefox, or Mail, which displays media inline. Even Quick Look, Apple’s Finder preview feature is at risk.
The flaw can be executed remotely or locally, according to researchers. Files containing the strings will only cause the affected application to crash, for now. However, malicious code could be added to those files in the future.
There doesn’t appear to be any malicious files in the wild yet. Intego said they will continue to watch the bug to see if someone attempts to use it.