Apple Inc. has patched a vulnerability in its QuickTime media player that could give a hacker control over a computer.
The problem concerns a buffer overflow that can occur when QuickTime processes a RTSP URL (Real Time Streaming Protocol Uniform Resource Locator), which directs the player to a streaming file and allows a user to play and pause it. A hacker could create a malicious RTSP URL embedded in a Web page that would could open a door for other harmful code to run on a machine, Apple said. The patch comes more than three weeks after researchers who are part of the Month of Apple Bugs (MOAB) project published exploit code. Infosworld has more on this topic.
The problem concerns a buffer overflow that can occur when QuickTime processes a RTSP URL (Real Time Streaming Protocol Uniform Resource Locator), which directs the player to a streaming file and allows a user to play and pause it. A hacker could create a malicious RTSP URL embedded in a Web page that would could open a door for other harmful code to run on a machine, Apple said. The patch comes more than three weeks after researchers who are part of the Month of Apple Bugs (MOAB) project published exploit code. Infosworld has more on this topic.