World Backup Day Deals Best Cloud Storage Options Apple AR/VR Headset Uncertainty Samsung Galaxy A54 Preorder Deal What's New With iOS 16.4 10 Best Foods for PCOS 25 Easter Basket Ideas COVID Reinfection: What to Know
Want CNET to notify you of price drops and the latest stories?
No, thank you

Apple QuickTime rtsp URL handler buffer overflow

A flaw in real-time streaming of QuickTime videos could allow remote attackers to compromise your Windows or Mac system.

There's a buffer overflow affecting both the Windows and Mac version of Apple QuickTime 7.1.3 real-time streaming protocol (rtsp). The flaw allows remote attackers to execute arbitrary code which could allow remote access and the arbitrary execution of malicious code on compromised machines. If a user clicks a very long and specially crafted QuickTime video URL, an attacker could load malicious code onto Microsoft Windows or Apple Mac OS X machines.

At this time, there is no patch available from Apple. Users should avoid clicking URLs that begin with "rstp://." One workaround within QuickTime is to disable the rtsp:// URL handler. To do so, Mac users should open QuickTime, go to Preferences, click the Advanced tab, and select Mime Settings; once there, uncheck the box next to Streaming - Streaming Movies. For Windows users, click Edit, then Preferences, and then QuickTime Preferences. Select File Types from the pull-down menu or tab options. On the File Types page click Streaming - Streaming Movies to display additional options and uncheck the box next to RSTP stream descriptor if necessary.

Additional Resources: