Apple Issues Security Update For QuickTime Flaw
A new update from Apple aims to put to sleep a QuickTime vulnerability that could allow remote attacks..
October 4, 2007
According to Apple, the problem revolved around the QuickTime Media Links (QTLs):
“A command injection issue exists in QuickTime's handling of URLs in the qtnext field in QTL files. By enticing a user to open a specially crafted QTL file, an attacker may cause an application to be launched with controlled command line arguments, which may lead to arbitrary code execution. This update addresses the issue through improved handling of URLs. This issue does not affect Mac OS X.”
The security update for QuickTime 7.2 can be downloaded from here.