Apple Plugs QuickTime Malware Installation Hole

The company acknowledges the bug could lead to drive-by malware installations on Windows and Mac machines.

Apple has issued a patch for a high-profile vulnerability in its flagship QuickTime media player, acknowledging that the bug could lead to drive-by malware installations on Windows and Mac machines.
With QuickTime 7.4.1, the company provides cover for a heap buffer overflow in QuickTime's handling of HTTP responses when RTSP (Real Time Streaming Protocol) tunneling is enabled.
Apple warned that malicious hackers could use booby-trapped Web pages to "cause an unexpected application termination or arbitrary code execution."
The QuickTime update is for Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista and Windows XP SP2.
The patch comes almost a month after it was first released as zero day (previously unknown or unpatched) on public mailing lists.

Proof-of-concept exploits have been in circulation since Jan. 10, putting both Windows and Mac users at serious risk.
The issue occurs because QuickTime fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer.
Not counting silent-or undocumented-fixes, Apple has patched at least 40 security flaws affecting QuickTime since January 2007. In 2006, the QuickTime patch count was 28.
Apple Feb. 4 also shipped a fix for a critical flaw affecting the iPhoto application.