View this article at: http://dev.macnn.com/articles/07/01/23/apple.security.update
Tuesday, Jan 23, 2007 4:40pm
Apple security update fixes...
Apple today released Security Update 2007-001, which fixes a vulnerability in QuickTime 7.1.3 on various Mac OS X versions that could lead to arbitrary code execution. According to Apple, the buffer overflow exists in QuickTime's handling of RTSP URLs and is triggered when an unsuspecting user accesses a maliciously crafted RTSP URL. The update addresses the bug -- which was demonstrated in a QTL file that triggers the issue, published earlier this month -- by performing additional validation of RTSP URLs. The vulnerability affects Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.8, Mac OS X Server 10.4.8, and Windows 2000/XP. The update is available for free from Apple's website and is recommended for all users.