
Apple posts QuickTime 7.3.1 security update

Apple on Thursday night issued a hotfix for its QuickTime media player that patches a single but already exploited flaw in the software's handling of streaming content.

The exploit sends an improper header through QuickTime's Real Time Streaming Protocol (RTSP) service, triggering a buffer overflow that permits a hacker to run their own code and compromise an affected system.

In recent days, a website known as Ourvoyeur.net has reportedly been hijacked and used to infect systems with malware that opens a back door for hackers. That exploit targets Windows users but could theoretically apply to Mac OS X as well given the existence of the flaw in Apple's own operating system, according to one report.

The QuickTime patch is available as a 20MB download for the critically affected Windows systems and as a roughly 50MB fix for Mac OS X Panther, Tiger, and Leopard.



35 Comments

shogun 17 Years · 362 comments

I'm patched, but is there a way to know if you've been "backdoored"?

ascii 19 Years · 5930 comments

I'm so sick of these endless security holes in QuickTime. Is there any way to remove this plugin from a Mac without breaking Safari?

Marvin 18 Years · 15355 comments

Quote:
Originally Posted by ascii

Is there any way to remove this plugin from a Mac without breaking Safari?

Remove the QuickTime components from /Library/Internet plug-ins.

I like that there's a link to a voyeur site in the article.

jeffdm 20 Years · 12733 comments

Quote:
Originally Posted by Marvin

Remove the QuickTime components from /Library/Internet plug-ins.

I like that there's a link to a voyeur site in the article.

Unless something changed, they said the name of the site, but there is no web link.

pb 22 Years · 4191 comments

Quote:
Originally Posted by JeffDM

Unless something changed, they said the name of the site, but there is no web link.

Though there is no clickable web link, there is the complete URL of the site. Just out of curiosity, and after having applied the update, I entered the URL into Firefox to see what it gives. So, it is a nudity site, and Firefox suddenly started hitting the hard disk hard and the UI almost froze up. I tried to kill it and it worked after several seconds of hard disk grinding. I hope it did nothing to my computer.