Apple Patches QuickTime

Apple has patched a vulnerability in its QuickTime media player that could give a hacker control over a computer.

Streaming Danger

The problem concerns a buffer overflow that can occur when QuickTime processes a Real Time Streaming Protocol (RTSP) URL, which directs the player to a streaming file and allows a user to play and pause it.

A hacker could create a malicious RTSP URL embedded in a Web page that could open a door for other harmful code to run on a machine, Apple said. The patch comes more than three weeks after researchers who are part of the Month of Apple Bugs (MOAB) published exploit code.

Danish security vendor Secunia labeled the problem critical. Apple said the problem affects QuickTime 7.1.3 on Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.8, Mac OS X Server 10.4.8, and Microsoft Windows XP and 2000 operating systems.

Second QuickTime Fix

The patch is available on Apple's download page, or it can be delivered through Apple's Software Update service.

In December, hackers exploited a feature in QuickTime and used it in combination with a cross-scripting problem on MySpace.com to create a virulent worm that quickly spread on the social networking Web site.

The worm distributed advertising software and stole login credentials. Apple issued a fix that blocked the worm code.