Apple’s QuickTime media player
has security problems once again. The first QuickTime security flaw of 2008 was
discovered recently; it affects how the media player handles the Real Time
Streaming Protocol (RTSP). The flaw may allow an attacker to execute arbitrary
code or cause a denial of service on users’ systems.
The new condition is only
partially different from the QuickTime RTSP flaw reported in
December 2007, and it can occur even on a fully patched version of Apple’s
player (7.3.1), running on Windows and possibly on Apple’s own operating
system, Mac OS X.
The most recent QuickTime
security flaw was discovered by Italian security researcher Luigi
Auriemma, who also provided an exploit example on his web site. “For exploiting
this vulnerability is only needed that a user follows an rtsp:// link; if the
port 554 of the server is closed QuickTime will automatically change the
transport and will try the HTTP protocol on port 80, the 404 error message of
the server (other error numbers are valid too) will be visualized in the
LCD-like screen,” Luigi Auriemma explained.
Apple has not yet announced when
a new patch will be released.
© 2007 - 2008 - eFluxMedia