Apple has patched a critical security flaw in its QuickTime media software.
The company has issued the patch after exploit code for the flaw had already appeared on the internet.
Security Update 2007-001 can be downloaded and installed via Apple Software Update preferences or from Apple Downloads.
The flaw leaves users’ systems open to remote attack if they visit certain malicious websites, confirmed Apple.
The security hole is a result of a buffer overflow opportunity that exists in QuickTime's handling of RTSP URLs.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution.
The update addresses the issue by performing additional validation of RTSP URLs, said Apple.
Comment on this article: firstname.lastname@example.org