Researchers discover new QuickTime vulnerability

by admin January 11, 2008 at 5:27 pm

The United States Computer Emergency Readiness Team (US-CERT) has discovered a new buffer overflow vulnerability with Apple’s QuickTime media software.

The vulnerability affects both Mac and Windows operating systems. Because QuickTime is part of Apple’s popular iTunes jukebox software, that application is also affect, researchers said.

The vulnerability is found in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime Player crashes at a memory location that can be controlled by an attacker, according to US-CERT.

Read more: macworld.com