A week after Apple updated its QuickTime software to version 7.5.5 and its iTunes software to version 8.0, a proof-of-concept exploit for a purported zero-day vulnerability in Apple's newly patched software has been posted. Someone using the name "Securfrog" has published code that supposedly can be used to crash any Web browser with the QuickTime plug-in. Because of the way QuickTime handles long strings of data, a memory heap overflow can be created.
Securfrog states that remote code execution may be possible as a consequence of this bug. In an e-mail, Securfrog said that Apple was alerted a month ago but didn't respond, "so full disclosure." A request to a security vendor to confirm the functionality of this code was not immediately answered.