Apple has patched a flaw in its Quicktime multimedia player that is currently being exploited by attackers.

The vulnerability exists in the way Quicktime handles RTSP streaming media files. When a specially crafted file is launched, a buffer overflow error occurs. This error allows an attacker to remotely execute code on the targeted user's machine.

The vulnerability was discovered by Polish security researcher Krystian Kloskowski in late November. Less than two weeks later, reports surfaced that attackers were actively targeting the vulnerability via adult websites.

The flaw was considered a greater risk for Firefox users because of the way the browser interacted with the Quicktime player. Researchers found that both Internet Explorer and Safari were able to prevent the attack form successfully executing.

The update addresses the issue in both the Quicktime player software for both Windows and MacOS systems. Users can download the update from Apple's website or via the company's Software Update utility.