Vulnerability discovered in QuickTime

By Justin Mann on January 11, 2008, 2:48 PM
A new vulnerability has been discovered in QuickTime, this one affecting even the most updated version of Apple's software. An independent security researcher posted proof-of-concept for the newly discovered flaw, which is present in both the Windows and Mac OS X builds.

The flaw is a result of how QuickTime handles invalid RTSP links. QuickTime will attempt to load a stream, and if it is unable, tries to load the same stream on the standard HTTP port - and the server may feed the client too much data and cause it to overflow. While so far nothing more than crashing the software has been proven, it is possible the flaw could lead to code execution. There's no word from Apple if they are working on a fix.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.