Apple has patched a flaw in its Quicktime multimedia player that is currently
being exploited by attackers.
The vulnerability exists in the way Quicktime handles RTSP streaming media
files. When a specially crafted file is launched, a buffer overflow error
occurs. This error allows an attacker to remotely execute code on the targeted
user's machine.
The vulnerability was discovered by Polish security researcher Krystian
Kloskowski in late November. Less than two weeks later, reports surfaced that
attackers were actively targeting the vulnerability via adult websites.
The flaw was considered a greater risk for Firefox users because of the way
the browser interacted with the Quicktime player. Researchers found that both
Internet Explorer and Safari were able to prevent the attack from successfully
executing.
The update addresses the issue in the Quicktime player software for both
Windows and MacOS systems. Users can download the update from Apple's website
or via the company's Software Update utility.