Apple has released a patch to fix QuickTime. Security Update 2007-001 patches a buffer overflow vulnerability in the Mac and Windows versions of QuickTime and should be downloaded immediately. The vulnerability was discovered by a group of hackers working for the Month of Apple Bugs Project, who have found 22 other bugs this month.
Vulnerable QuickTime users could face a buffer overflow attack if they are redirected to a malicious RTSP (Real Time Streaming Protocol) server, a type of server that is sometimes used in large-scale QuickTime broadcasts. Of course, users would have to be tricked into clicking on a spoofed QuickTime link.
The Month of Apple Bugs Project was launched on January 1st to find one vulnerability each day in the Apple operating system or related software. Two hackers, Kevin Finisterre and "LMH", have found almost two dozen bugs in everything from the iPhoto application to the OS X file system. Unlike other security vulnerability projects, MOAB’s vulnerabilities are not disclosed to Apple before publishing.