Researchers discover new QuickTime vulnerability

The United States Computer Emergency Readiness Team (US-CERT) has discovered a new buffer overflow vulnerability with Apple’s QuickTime media software.

The vulnerability affects both Mac and Windows operating systems. Because QuickTime is part of Apple’s popular iTunes jukebox software, that application is also affect, researchers said.

The vulnerability is found in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime Player crashes at a memory location that can be controlled by an attacker, according to US-CERT.

The organization also said that they are aware of publicly available proof-of-concept code for this vulnerability.

US-CERT offers several solutions to the problem including uninstalling QuickTime, Blocking the RTSP protocol and disabling the QuickTime plug-ins in your Web browser.

Attackers targeted QuickTime in December in a separate RTSP vulnerability that Apple later fixed with a software update.

Apple representatives were not immediately available for comment.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Apple @ Work Newsletter