Business
Apple drops QuickTime patch
Apple on Wednesday dropped a patch for QuickTime to fix a arbitrary code execution vulnerability.Relative to other recent QuickTime patches this one was small--only one vulnerability that could lead to an "unexpected application termination or arbitrary code execution" if a user visits a malicious Web site.
![larry-dignan-eic.jpg](https://www.zdnet.com/a/img/resize/ad5eaccb545ef683588243a9891d5f678df042df/2017/04/26/eb462fe7-e39e-43ba-abbd-c4ca2442306e/larry-dignan-eic.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
Apple on Wednesday dropped a patch for QuickTime to fix a arbitrary code execution vulnerability.
Relative to other recent QuickTime patches this one was small--only one vulnerability that could lead to an "unexpected application termination or arbitrary code execution" if a user visits a malicious Web site.
QuickTime 7.4.1 covers the following vulnerability (CVE-2008-0234). Here's Apple's description.
A heap buffer overflow exists in QuickTime's handling of HTTP responses when RTSP tunneling is enabled. By enticing a user to visit a maliciously crafted webpage, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.