What can we do to overcome the recent Realtime Streaming Protocol (RTSP) problem in QuickTime? We rely on an external training resource that uses a variety of QuickTime media distributed through a content distribution network, and we’re concerned that our workstations are vulnerable through this QuickTime vulnerability.

Apple released an update for QuickTime, Quicktime 7.3.1, for Macintosh and Windows systems last week that addresses the buffer overflow that exists in earlier versions of QuickTime. This allowed streaming movies to be created that could cause the application to terminate unexpectedly. Apple says that the new version of QuickTime addresses the problem by ensuring that the destination buffer is sized to contain the data. Apple users can obtain this newest version of QuickTime through the Software Update applet in Mac OS X. Windows users can download it here. You may also be prompted to download the update if you load a QuickTime movie from a remote site through your Web browser. This update is worth taking the time to install as the earlier versions of QuickTime are vulnerable to arbitrary code execution that can be caused by certain streaming QuickTime movies.