Researchers discover new QuickTime vulnerability

Today's Best Tech Deals

Picked by Macworld's Editors

Top Deals On Great Products

Picked by Techconnect's Editors

The United States Computer Emergency Readiness Team (US-CERT) has discovered a new buffer overflow vulnerability with Apple’s QuickTime media software.

The vulnerability affects both Mac and Windows operating systems. Because QuickTime is part of Apple’s popular iTunes jukebox software, that application is also affect, researchers said.

The vulnerability is found in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime Player crashes at a memory location that can be controlled by an attacker, according to US-CERT.

The organization also said that they are aware of publicly available proof-of-concept code for this vulnerability.

US-CERT offers several solutions to the problem including uninstalling QuickTime, Blocking the RTSP protocol and disabling the QuickTime plug-ins in your Web browser.

Attackers targeted QuickTime in December in a separate RTSP vulnerability that Apple later fixed with a software update.

Apple representatives were not immediately available for comment.

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.
Shop Tech Products at Amazon