Apple today released an update for its QuickTime application, available through Mac OS X's Software Update utility and on the Web.
The update fixes at least three security vulnerabilities, including the one revealed by Symantec.
Last month Symantec disclosed that Apple QuickTime contains a remote buffer overflow vulnerability that could be exploited by hackers. Symantec rated the vulnerability as “high”.
“Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized stack-based memory buffer. This issue occurs when handling specially crafted RTSP Response headers. Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application,” said Symantec at the time in its alert.
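The bounds check that the alert says was missing can be illustrated with a short C routine that copies an RTSP response header value into a fixed-size stack buffer only after comparing its length with the destination size. This is an added example, not QuickTime's code; the function name `rtsp_get_header`, the return codes, and the sample response are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { RTSP_OK = 0, RTSP_NOTFOUND = -1, RTSP_TOOLONG = -2 };

/* Constructed sample response, not captured traffic. */
static const char SAMPLE[] =
    "RTSP/1.0 200 OK\r\nCSeq: 2\r\nserver:   ExampleServer/1.0\r\n\r\n";

/* Case-insensitive compare of n bytes (RTSP header names ignore case). */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Copy the value of header `name` into out[outsz]. The value length is
 * checked against the destination before any byte is copied. */
int rtsp_get_header(const char *resp, const char *name, char *out, size_t outsz)
{
    size_t nlen = strlen(name);
    if (outsz == 0) return RTSP_TOOLONG;
    out[0] = '\0';
    for (const char *line = resp; *line; ) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0) break;                      /* blank line ends the headers */
        if (len > nlen && line[nlen] == ':' && ieq(line, name, nlen)) {
            const char *val = line + nlen + 1;
            size_t vlen = len - nlen - 1;
            while (vlen && (*val == ' ' || *val == '\t')) { val++; vlen--; }
            if (vlen >= outsz) return RTSP_TOOLONG;   /* reject oversized value */
            memcpy(out, val, vlen);
            out[vlen] = '\0';
            return RTSP_OK;
        }
        if (!eol) break;
        line = eol + 2;
    }
    return RTSP_NOTFOUND;
}

int main(void)
{
    char server[32];                              /* fixed-size stack buffer */
    int rc = rtsp_get_header(SAMPLE, "Server", server, sizeof server);
    printf("rc=%d value=\"%s\"\n", rc, server);
    return 0;
}
```

An oversized value is rejected outright rather than truncated, so the caller can treat the response as malformed and drop the session.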
Another issue fixed in QuickTime 7.3.1 involves multiple vulnerabilities in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution.
“With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs for reporting this issue,” wrote Apple in its security advisory.
The new version, QuickTime 7.3.1, is available for Mac OS X Panther, Tiger and Leopard and for Windows.