Month of Apple Bugs kicks off with Quicktime exploit

Remember the Month of Apple Bugs? Sure you do. Well, LMH and Kevin Finisterre posted their first bug earlier this week and it's a doozy. The Quicktime zero-day attack targets a vulnerability in the software's Real Time Streaming Protocol (RSTP) and could be used to trigger a buffer overflow on both Windows and OS X systems. The flaw was designed using the latest version of Quicktime, 7.1.3, but other versions could be affected as well. Quicktime users are currently advised to turn off RTSP until Apple issues a fix. The Month of Apple bugs continued to make good on their promise by posting a second bug yesterday, which exposes a flaw in open-source video player VLC for OS X.