Apple has released a security fix for QuickTime, fixing a critical bug that had been worrying security experts for nearly a month.
The update, released Wednesday, fixes a vulnerability in the Real Time Streaming Protocol (RTSP) used by QuickTime to handle streaming media. It also fixes a previously reported incompatibility between QuickTime 7.4 and Adobe Premiere and After Effects, according to an Apple spokesman.
On 10 January, researcher Luigi Auriemma disclosed the flaw by posting proof-of-concept attack code that could be used to run unauthorized software on a victim's computer. For the attack to work, the criminal would have to first trick the user into viewing a maliciously encoded QuickTime media file.
With the attack code available, security researchers had been hoping that Apple would address the flaw. Wednesday's QuickTime 7.4.1 update is for Mac OS X Leopard, Panther and Tiger and Windows operating systems.
It's Apple's fifth QuickTime update since October. The company has been forced to issue the flurry of patches as security researchers have taken a closer look at media player flaws during the past year. In December, Apple patched a separate RTSP vulnerability, which online criminals had already started to use in their attacks.
"In the past few months, QuickTime has been a prevalent target for security researchers," said Andrew Storms, director of security operations with nCircle Network Security.
"Internet media applications on the desktop have been a rich target for attackers and this trend is sure to continue as most users aren't yet accustomed to attacks arriving in the form of a viral video."
(Peter Cohen of Macworld contributed to this report.)