Apple has released Compressor 4.11.1, with an important security fix. Here are the details.
Apple fixes remote execution flaw
If you’re not familiar with Compressor, this is a professional app made by Apple that handles video and audio encoding, transcoding, and format conversion.
It works in conjunction with Final Cut Pro and Motion, allowing more flexible conversion workflows.
Recently, Apple updated the app to version 4.11, bringing support for multiple features and video capture technologies announced with the iPhone 17 lineup.
Today, however, Apple released an even more critical update to Compressor with version 4.11.1, fixing a rather serious security flaw, although it could only be exploited under very specific circumstances:
Compressor Available for: macOS Sequoia 15.6 and later Impact: An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code Description: The issue was addressed by refusing external connections by default. CVE-2025-43515: CodeColorist and Pedro Tôrres(@t0rr3sp3dr0)
This means that anyone who had enabled Compressor’s network-based server features could have been vulnerable to remote code execution, but only by someone on the same network.
Regardless, now that Apple has made the bug fix public, it is likely that attackers will try to exploit outdated versions of the app. So if you use Compressor as part of your workflow, you should update it as soon as possible.
To read more about today’s security update, follow this link.
... continue reading