So y’allz might not want to keep this one on the QT, even though it involves QT.
Intego’s Mac Security Blog reports that the company has discovered a vulnerability in the latest update to QuickTime, version 7.5.5.
Basically, the way it works is that the quicktime type tag doesn’t know how to deal with long strings, regardless of whether Safari, Firefox, Mail or any other program encounters it. Right now, when those long strings are handled, the offending app simply crashes. No harm, no foul, right?
Well, if a miscreant were to put bad code in there, conceivably some bad stuff could go down. For now it appears that this is merely a proof of concept and that there are no actual examples of this in the wild, but still, you might want to make sure all your software updates are all, you know, up-to-date.
I consider Intego a bunch of miscreants