Exploit released for unpatched QuickTime flaw

Posted by Mark Raby

Instructions for exploiting a previously undocumented security hole in Apple's QuickTime media player software are now available online, and security firms are warning that it may not be long before we start seeing criminal groups taking advantage of the flaw to break into vulnerable computers.

According to an advisory from the US-CERT, the vulnerability stems from a weakness in the way QuickTime handles a type of media-streaming communications called the "real time streaming protocol" (RTSP). Attackers could exploit the flaw merely by convincing users to click on a poisoned link, open a malicious e-mail attachment, or visit a specially crafted Web page. US-CERT says the vulnerability is present in QuickTime versions 4.0 through 7.3 (the latest version) on both Windows and Mac systems.

More here at Washington Post...