Apple QuickTime Flaw Discovered

Intego is reporting a fairly serious sounding bug in Apple's latest version of QuickTime (v7.5.5). According to Intego, "The '<? quicktime type= ?>' tag fails to handle long strings, which can lead to a heap overflow in QuickTime Player, iTunes, or any other program that attempts to display media using a QuickTime plug-in." If QuickTime v7.5.5 is installed, this would include Internet Explorer, Firefox, and Safari. Mac users face a double risk - not just the browser but also the Mail and Finder apps are also vulnerable if that version of QuickTime is installed.

Successful exploit could enable remote execution of arbitrary code. Currently, no patch is available. This might be one of those situations where it's simply safest to uninstall QuickTime until Apple releases the necessary patch. More details on the QuickTime heap overflow problem can be found on the Intego blog.