Hackers kicked off their month of Apple bugs yesterday with the release of a vulnerability for QuickTime.

The QuickTime exploit uses a flaw in the way the software handles a specially crafted "rtsp://" URL.

"By supplying a specially crafted string, an attacker could overflow a stack-based buffer, using either HTML, Javascript or a QTL file as attack vector, leading to an exploitable remote arbitrary code execution condition," the hackers explain.

The hack is described as "trivial". "The only potential workaround would be to disable the rtsp:// URL handler, uninstalling QuickTime or simply live with the feeling of being a potential target for pwnage," they added.