Apple has released Compressor 4.11.1, with an important security fix. Here are the details.
Apple fixes remote execution flaw
If you’re not familiar with Compressor, this is a professional app made by Apple that handles video and audio encoding, transcoding, and format conversion.
It works in conjunction with Final Cut Pro and Motion, allowing more flexible conversion workflows.
Recently, Apple updated the app to version 4.11, bringing support for multiple features and video capture technologies announced with the iPhone 17 lineup.
Today, however, Apple released an even more critical update to Compressor with version 4.11.1, handling a rather serious security flaw, although it could only be exploited under very specific circumstances:
Compressor
Available for: macOS Sequoia 15.6 and later
Impact: An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code
Description: The issue was addressed by refusing external connections by default.
CVE-2025-43515: CodeColorist and Pedro Tôrres(@t0rr3sp3dr0)
This means that anyone who had enabled Compressor’s network-based server features could have been vulnerable to remote code execution, but only by someone on the same network.
And while the fix apparently changes the default configuration, rather than handling the underlying exploit vector, it is still important to update it as soon as possible, as it is likely that attackers will try to target outdated versions of the app.
To read more about today’s security update, follow this link.
Accessory deals on Amazon
- Apple AirTag 4 Pack
- Beats USB-C to USB-C Woven Short Cable
- Logitech MX Master 4
- AirPods Pro 3
- Wireless CarPlay adapter
- iPhone Air Ultraslim Magsafe Power Bank
FTC: We use income earning auto affiliate links. More.
Comments