Apple has patched a vulnerability in its QuickTime media player that Danish security vendor Secunia labeled 'critical' because it could let a hacker gain control of an affected computer. A buffer overflow can occur when QuickTime processes a Real Time Streaming Protocol (RTSP) URL, which directs the player to a streaming file and allows a user to play and pause it. A malicious RTSP URL embedded in a Web page could allow other harmful code to be executed, Apple said. The patch is now available on Apple's download page as well as via Apple's Software Update service, three weeks after researchers who are part of the Month of Apple Bugs (MOAB) published exploit code. QuickTime 7.1.3 was affected on the following platforms:

  • Mac OS X 10.3.9 & Mac OS X Server 10.3.9
  • Mac OS X 10.4.8 & Mac OS X Server 10.4.8
  • Windows XP & Windows 2000
Can someone confirm that there's a patch for QT under XP? I don't see it on the Apple downloads site and when I update QT from within the application, it just says that my version is up to date. I would sure like a link to the XP patch.

I know we're not supposed to talk about this, but, can someone answer?

Does this mean Quicktime Alternative is vulnerable to the same exploit until updated?

Apple won't say one way or another because that would mean they'd have to acknowledge that Quicktime Alternative exists.
However, since the flaw is in the player and not the media format, I'd say that the answer to your question is: No.

If XP users have the Apple Software Update program installed, they can use that to get the fix for QuickTime. I did and have updated.

BTW Apple Software Update comes with iTunes 7

Can someone, maybe the author of this news item, post a direct link to the patch for Windows XP? I looked on the Apple download page, but saw only patches for OSX. Thanks.

Geez, I know. Do they still make you pay for the pro version just to have video full screen? What a joke.

I hear iTunes users get stuck with it though. ha-ha