On Wednesday, Apple released QuickTime 7.4.1, a recommended update for everyone who uses QuickTime 7.0 on Mac OS X 10.5 Leopard, Mac OS X 10.4.9 Tiger, Mac OS X 10.3.9 Panther, Windows XP SP2, and Windows Vista.
The update fixes a vulnerability in which visiting a malicious website could lead to a sudden application termination or arbitrary code execution. Apple addressed the problem through enhanced bounds checking.
Apple stated, “A heap buffer overflow exists in QuickTime’s handling of HTTP responses when RTSP tunneling is enabled.” It added, “By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution.”
Apple has not credited any researcher with reporting this vulnerability.
QuickTime 7.4.1 is also claimed to improve compatibility with Adobe Premiere and After Effects.
The update is available as a 55.5MB download for Leopard, a 51.7MB download for Tiger, a 50.4MB download for Panther, and finally a 22.3MB download for Windows Vista or XP SP2.