Apple plugs zero day QuickTime flaw

Apple on Tuesday released a fix for a serious security hole in its QuickTime media player software.

The patch comes 23 days after details of the flaw, along with detailed attack code, were publicly released. The publication kicked off the "Month of the Apple Bugs" project, which has been publishing a new Apple software bug each day in January.

The QuickTime vulnerability relates to how the media player software handles the Real Time Streaming Protocol, or RTSP, according to an Apple alert. An attacker could exploit the flaw and commandeer a vulnerable system by placing a special RTSP string in a QuickTime file and tricking a user into opening that file, Apple said. Apple plugs zero-day QuickTime flaw | Tech News on ZDNet

Linked by shanmuga Tuesday, 23rd January 2007 11:58PM