Apple security update fixes QuickTime flaw

Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

Apple on Tuesday posted Security Update 2007-001, which fixes a problem first brought to light earlier this month by the Month of Apple Bugs project.

The update has been distributed in separate downloads for Mac OS X v10.3 “Panther” and Mac OS X v10.4 “Tiger” users. It can also be downloaded through the Software Update system preference.

The update corrects a problem involving QuickTime 7.1.3 running on Mac OS X v10.3.9, Mac OS X Server v10.3.9 and higher, as well as Windows XP/2000.

“A buffer overflow exists in QuickTime’s handling of RTSP URLs,” explained Apple in a tech note posted to its Web site. “By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution.”

“This update addresses the issue by performing additional validation of RTSP URLs,” said Apple.

Apple notes that a QTL file that triggers this problem was posted to the Web site of the “Month of Apple Bugs” project.

This story, "Apple security update fixes QuickTime flaw" was originally published by PCWorld.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon