Apple Issues Critical QuickTime Update

Apple has just released QuickTime 7.4.1, an update to its media software that includes a critical security fix. Apple describes the problem and fix as follows:

“Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution. Description: A heap buffer overflow exists in QuickTime’s handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.”

This problem is similar to the QuickTime streaming flaw that we wrote about last November, which was patched in mid-December. This recent update is for Mac OS X 10.3, 10.4 and 10.5.

Apple has been having repeated problems with QuickTime flaws, and this one is important to fix. There are exploits in the wild, with sample code for wannabe hackers to try their luck. Get this update now from Software Update, or from the link at the beginning of this article.
