Apple Releases QuickTime Security Update

Apple Inc. released Security Update 2007-001 on Tuesday to address potential security issues in QuickTime 7. The update addresses a potential buffer overflow in QuickTime 7.1.3 that could lead to arbitrary code execution on an end user computer by performing additional validation of RTSP in URLs for visited Web sites.

The update is recommended if you are using QuickTime 7.1.3 and Mac OS X 10.3.9 and higher, or Windows XP and Windows 2000.

An example of the exploit this update fixes was posted on the Month of Apple Bugs Web site, which means that although there are no known instances of this exploit being used, there is an example readily available for anyone to look at.

Security Update 2007-001 is available through Appleis Software Update application, or as a stand-alone installer on the Apple Web site.