updated 06:00 pm EST, Wed February 6, 2008
QuickTime 7.4.1 released
Apple today released QuickTime 7.4.1 for Mac OS X Panther, Tiger, and Leopard as well as Microsoft Windows. The update beefs up security while improving compatibility with third-party applications. Users who don't update to QuickTime 7.4.1 could visit a maliciously crafted website that could lead to unexpected application termination, or arbitrary code execution.
"A heap buffer overflow exists in QuickTime's handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution," Apple said. "This update addresses the issue through improved bounds checking."