Apple released an update for its QuickTime media software on Thursday, fixing at least three vulnerabilities in the program, including a flaw in the way the software handles streaming content.
The patch, which upgrades the software to version 7.3.1, closes a security hole in the way that the media player handles data from a server using the Real-Time Stream Protocol (RTSP). A Polish security researcher disclosed the flaw in November.
The second flaw could allow an attacker to run malicious code using a specially crafted QuickTime Media Link file. A third issue, which Apple characterized as "multiple vulnerabilities," occurs in the way that QuickTime handles Flash files.
"With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe," the company stated in its advisory.
Apple has closed at least 34 security holes in QuickTime this year. Security researchers have focused on finding vulnerabilities in both Apple's QuickTime player and Microsoft'sWindows Media Player, because the programs are extremely popular among personal computer users.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos