Apple has patched a critical security flaw in its QuickTime media software.
The company has issued the patch after exploit code for the flaw had already appeared on the internet.
Security Update 2007-001 can be downloaded and installed via Apple Software Update preferences or from Apple Downloads.
The flaw leaves users’ systems open to remote attack if they visit certain malicious websites, confirmed Apple.
The security hole is a result of a buffer overflow opportunity that exists in QuickTime's handling of RTSP URLs.
By enticing a user to access a maliciously-crafted RTSP URL, an attacker can trigger the buffer overflow, which may lead to arbitrary code execution.
The update addresses the issue by performing additional validation of RTSP URLs, said Apple.
Comment on this article: firstname.lastname@example.org