Apple updates QuickTime with security update

By on
Apple on Wednesday released an update to QuickTime, version 7.4.1, closing a critical hole that’s been known for nearly a month. Specifically, the update addresses a vulnerability that could leave users open to arbitrary code execution via a web page embedded with a specially-crafted streaming media file.

The vulnerability is a heap buffer overflow that exists in QuickTime’s handling of HTTP responses when RTSP tunneling is enabled. The update improves bounds checking, thus preventing the issue from occurring. This is Apple’s fifth QuickTime patch since October including another RTSP vulnerability that led to a series of attacks back in December.

Given the security nature of this update, 7.4.1 is of course recommended for all QuickTime 7 users and can be downloaded through Apple’s Software Update utility or from the Apple Downloads site.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.