Skip to content
Thoughtful, detailed coverage of everything Apple for 33 years
and the TidBITS Content Network for Apple professionals

QuickTime 7.4.1 Fixes Zero-Day Vulnerability

Apple has released QuickTime 7.4.1, a critical security update all users should apply immediately. It is available via Software Update and as a direct download for Leopard, Tiger, Panther, and Windows systems.

This update patches a month-old zero-day vulnerability in the QuickTime streaming protocol (RTSP) that could allow an attacker to take over your computer if you visit a malicious Web site or receive an email with a malicious link. In security parlance, we call this “remote execution of arbitrary code,” using a vulnerability for which no patch exists (the “zero-day” part). This is similar to a previous vulnerability in RTSP that Apple patched in the QuickTime 7.3.1 update (see “QuickTime 7.3.1 Fixes RTSP Vulnerability,” 2007-12-14).

As usual, release notes are a sparse “addresses security issues and improves compatibility with third-party applications.” A separate security note provides more details, but the security information isn’t even referenced by the release notes on the download page, although they do appear on the security updates page.

Since this vulnerability has been in the wild with sample exploits for nearly a month, it is absolutely critical to apply the patch as quickly as possible.

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.