Researchers discover new QuickTime vulnerability
The United States Computer Emergency Readiness Team (US-CERT) has discovered a new buffer overflow vulnerability with AppleÃ¢â‚¬â„¢s QuickTime media software.
The vulnerability affects both Mac and Windows operating systems. Because QuickTime is part of AppleÃ¢â‚¬â„¢s popular iTunes jukebox software, that application is also affect, researchers said.
The vulnerability is found in the way QuickTime handles RTSP response messages. When attempting to display a specially crafted Reason-Phrase, QuickTime Player crashes at a memory location that can be controlled by an attacker, according to US-CERT.
Read more: macworld.com