Apple has patched a vulnerability in its QuickTime media player that Danish security vendor Secunia labeled as "critical" because of the risk involving a hacker gaining control over a given computer. A buffer overflow can occur when QuickTime processes a Real Time Streaming Protocol (RTSP) URL, which directs the player to a streaming file and allows a user to play and pause it. A malicious RTSP URL embedded in a Web page could allow other harmful code to be executed, Apple said. The patch is now available, three weeks after researchers who are part of the Month of Apple Bugs (MOAB) published exploit code, on Apple"s download page as well as via Apple"s Software Update service. QuickTime 7.1.3 was affected on the following platforms:
- Mac OS X 10.3.9 & Mac OS X Server 10.3.9
- Mac OS X 10.4.8 & Mac OS X Server 10.4.8
- Windows XP & Windows 2000