QuickTime 7.4.1 fixes heap buffer overflow flaw

[Wednesday, February 6th]

Apple has released QuickTime 7.4.1, an update to the multimedia infrastructure for Mac OS X, which includes the following security refinement:

Visiting a malicious website may lead to an unexpected application termination or arbitrary code execution A heap buffer overflow exists in QuickTime's handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

The new release is available in the following editions:

• QuickTime 7.4.1 for Leopard [55.5MB]
• QuickTime 7.4.1 for Tiger [51.7MB]
• QuickTime 7.4.1 for Panther [50.4MB]

Problems after the update? Please let us know.

Resources