A new vulnerability has been discovered in QuickTime, this one affecting even the most updated version of Apple's software. An independent security researcher posted proof-of-concept for the newly discovered flaw
, which is present in both the Windows and Mac OS X builds.
The flaw is a result of how QuickTime handles invalid RTSP links. QuickTime will attempt to load a stream, and if it is unable, tries to load the same stream on the standard HTTP port - and the server may feed the client too much data and cause it to overflow. While so far nothing more than crashing the software has been proven, it is possible the flaw could lead to code execution. There's no word from Apple if they are working on a fix.