Sunday, January 13, 2008

QuickTime Flaw Found

Another flaw in Apple's QuickTime player found, putting users at risk



The United States Computer Emergency Readiness Team (US-CERT) has found a new buffer overflow vulnerability in Apple's QuickTime media software.

The flaw affects both Windows and Mac operating systems. Because QuickTime is a part of iTunes, Apple's popular jukebox software, iTunes is also affected, said the researchers.

The vulnerability lies in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime Player crashes at a memory location that can be controlled by an attacker, according to US-CERT. The organization also said that it is aware of publicly available proof-of-concept code for this vulnerability.
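For readers who write RTSP clients, the following added example (not code from Apple, QuickTime or US-CERT) shows a status-line parser that checks the Reason-Phrase length before copying it into a fixed buffer. The function name `parse_rtsp_status`, the `REASON_MAX` size and the sample input are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define REASON_MAX 64 /* assumed display-buffer size for this example */

/* Parse an RFC 2326 Status-Line: "RTSP/1.0 SP 3DIGIT SP Reason-Phrase CRLF".
 * Returns 0 on success, -1 if malformed, -2 if the Reason-Phrase does not
 * fit in out (rejected, never truncated or copied unbounded). */
int parse_rtsp_status(const char *line, size_t len, int *code,
                      char *out, size_t out_sz)
{
    static const char ver[] = "RTSP/1.0 ";
    const size_t vlen = sizeof ver - 1;

    if (len < vlen + 4 || memcmp(line, ver, vlen) != 0)
        return -1;
    const unsigned char *p = (const unsigned char *)line + vlen;
    if (!isdigit(p[0]) || !isdigit(p[1]) || !isdigit(p[2]) || p[3] != ' ')
        return -1;
    int status = (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
    p += 4;

    size_t rest = len - (vlen + 4);
    const unsigned char *cr = memchr(p, '\r', rest);
    if (cr == NULL)
        return -1;
    size_t rlen = (size_t)(cr - p);
    if (rlen + 1 >= rest || cr[1] != '\n')
        return -1;                       /* CR must be followed by LF */
    if (rlen >= out_sz)
        return -2;                       /* length checked before any copy */
    for (size_t i = 0; i < rlen; i++)
        if (p[i] < 0x20 || p[i] == 0x7f)
            return -1;                   /* example policy: no control bytes */
    memcpy(out, p, rlen);
    out[rlen] = '\0';
    *code = status;
    return 0;
}

int main(void)
{
    const char sample[] = "RTSP/1.0 404 Not Found\r\n"; /* constructed input */
    char reason[REASON_MAX];
    int code = 0;
    int rc = parse_rtsp_status(sample, sizeof sample - 1, &code, reason, sizeof reason);
    if (rc == 0)
        printf("%d [%s]\n", code, reason);
    return rc;
}
```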

US-CERT offers several solutions to the problem, including uninstalling QuickTime, blocking the RTSP protocol, and disabling the QuickTime plug-ins in your Web browser.

In December, attackers targeted QuickTime through a separate RTSP vulnerability that Apple later fixed with a software update.
