QuickTime continues to have the dubious honor of “most talked about” in this blog, with the announcement of yet another significant security flaw. Originally it looked like the flaw only applied to the Windows version of QuickTime, for which there is a posted exploit. But CERT testing has revealed that the Mac is vulnerable as well.

The problem is with QuickTime’s handling of RTSP (real-time streaming protocol), used mainly for viewing real-time event broadcasts. As often seems to be the case, a “malicious user” could, theoretically, construct a malformed RTSP site that enables (again, as usual) “arbitrary code execution.”

CERT is “currently unaware of a practical solution to this problem.” The best idea is probably not to watch real-time broadcasts from untrusted sources until Apple comes out with a fix.