Apple has patched a vulnerability in its QuickTime media player that could give a hacker control over a computer.
The problem concerns a buffer overflow that can occur when QuickTime processes a RTSP URL (Real Time Streaming Protocol Uniform Resource Locator), which directs the player to a streaming file and allows a user to play and pause it.
A hacker could create a malicious RTSP URL embedded in a Web page that would could open a door for other harmful code to run on a machine, Apple said. The patch comes more than three weeks after researchers who are part of the Month of Apple Bugs (MOAB) project published exploit code.
Danish security vendor Secunia ApS labeled the problem critical. Apple said the problem affects QuickTime 7.1.3 on Mac OS X 10.3.9, Mac OS X Server 10.3.9, Mac OS X 10.4.8, Mac OS X Server 10.4.8 and Microsoft's Windows XP and 2000 OSes.
The patch is available through Apple's download page, or it can be delivered through Apple's Software Update service.
Last month, hackers exploited a feature in QuickTime and used it in combination with a cross-scripting problem on MySpace.com to create a virulent worm that quickly spread on the social networking Web site.
The worm distributed advertising software and stole login credentials. Apple issued a fix that blocked the worm code.