“This update addresses the issue by performing additional validation of RTSP URLs,” the company explains, crediting Attila Suszter for finding the bug. “Accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution.”
Impacting Mac OS X v10.4.9 - v10.4.11, Mac OS X v10.5 or later, Windows Vista, XP SP2 and SP3, “a heap buffer overflow exists in QuickTime's handling of RTSP URLs,” Apple says. QuickTime 7.6 is available as a free download for all supported platforms, including Mac OS X Leopard and Tiger, plus Windows XP and Vista.
Apple's Support section reveals that QuickTime 7.6 for Leopard and Tiger includes changes that “increase reliability, improve compatibility and enhance security.” A detailed overview of the security content of QuickTime 7.6 reveals that the company has patched quite a number of holes, both on the Mac and Windows sides of the software.
For instance, Apple learned that accessing a maliciously crafted RTSP URL may lead to an unexpected application termination or arbitrary code execution.
Apple has released a new version of its multimedia framework capable of handling digital video, media clips, sound, text, animation, music, and interactive panoramic images in various formats.