A vulnerability identified as part of the Month of Apple Bugs project is making its way around the Internet today -- at least in dozens of press reports highlighting it, if not on users' machines.
The bug, a flaw in Apple's QuickTime movie player, reportedly lets hackers exploit QuickTime's Real Time Streaming (RTS) protocol to cause a buffer overflow. A buffer overflow is simply a problem that occurs when a program, such as QuickTime, attempts to store too much data in the space allotted for it, and can give hackers complete control over a computer.
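To make the definition above concrete, here is an added C example (not Apple's QuickTime code, and not the actual RTSP parser) using a constructed toy wire format: one length byte followed by that many bytes of text, copied into a fixed 16-byte field. The unchecked copy trusts the sender's length and behaves normally on well-formed input, which is why such code ships; the hardened form validates the declared length against both what was actually received and the destination buffer before copying anything. The names (`copy_field_unchecked`, `copy_field_checked`, `FIELD_MAX`) and the sample messages are all constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy wire format (not QuickTime's): one length byte, then that
 * many bytes of text, stored in a fixed-size field. */
#define FIELD_MAX 16

/* Unsafe pattern: the copy length comes straight from the message. When the
 * declared length reaches or exceeds FIELD_MAX the write runs past 'out',
 * which is the buffer overflow described in the article. It works fine on
 * benign input, so it is only ever called on benign input here. */
static void copy_field_unchecked(char out[FIELD_MAX], const uint8_t *msg) {
    size_t declared = msg[0];
    memcpy(out, msg + 1, declared);
    out[declared] = '\0';   /* one past the end as soon as declared >= FIELD_MAX */
}

/* Hardened form: validate before copying. Returns 0 on success, -1 when the
 * message is truncated (claims more bytes than were sent) or the field
 * cannot hold the text plus its terminator. */
static int copy_field_checked(char *out, size_t out_size,
                              const uint8_t *msg, size_t msg_len) {
    if (msg_len < 1 || out_size == 0)
        return -1;
    size_t declared = msg[0];
    if (declared > msg_len - 1)     /* truncated message */
        return -1;
    if (declared >= out_size)       /* would not fit with its NUL terminator */
        return -1;
    memcpy(out, msg + 1, declared);
    out[declared] = '\0';
    return 0;
}

/* Reports whether the unchecked copy would write past a FIELD_MAX buffer for
 * this message, without performing the write. */
static int unchecked_copy_overflows(const uint8_t *msg) {
    return (size_t)msg[0] >= FIELD_MAX;
}

/* Constructed sample messages. The first is well formed (9 bytes declared,
 * 9 present). The second declares 200 bytes but carries only 8. */
static const uint8_t benign_msg[] = { 9, 'r','t','s','p',':','/','/','o','k' };
static const uint8_t oversized_msg[] = { 200, 'A','A','A','A','A','A','A','A' };

/* A message that is internally consistent (40 declared, 40 present) but
 * still too large for the field; exercises the destination-size check. */
static int demo_oversized_complete(void) {
    uint8_t msg[1 + 40];
    char field[FIELD_MAX];
    msg[0] = 40;
    memset(msg + 1, 'A', 40);
    return copy_field_checked(field, sizeof field, msg, sizeof msg);
}

int main(void) {
    char field[FIELD_MAX];

    copy_field_unchecked(field, benign_msg);
    printf("unchecked, benign:    \"%s\"\n", field);
    printf("unchecked, oversized: would overflow? %s\n",
           unchecked_copy_overflows(oversized_msg) ? "yes" : "no");

    printf("checked, benign:      %d\n",
           copy_field_checked(field, sizeof field, benign_msg, sizeof benign_msg));
    printf("checked, truncated:   %d\n",
           copy_field_checked(field, sizeof field, oversized_msg, sizeof oversized_msg));
    printf("checked, 40 bytes:    %d\n", demo_oversized_complete());
    return 0;
}
```

The two versions are indistinguishable on the benign message, which is the defender's lesson: input validation has to be tested with malformed and oversized input, not just with traffic a well-behaved client would send.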
The QuickTime flaw can be triggered through HTML, JavaScript, and QuickTime files, making its vector -- that is, the method through which the flaw is exploited -- a common one indeed. It also affects all versions of QuickTime, including the most recent, 7.1.3, on both Macs and Windows machines.
Security firm Secunia has rated the flaw "highly critical." To avoid it, users can uninstall QuickTime or disable RTS.
Month Ahead
The QuickTime flaw was publicized as part of the Month of Apple Bugs project, a joint effort of Kevin Finisterre, a self-taught security entrepreneur, and a hacker known only as LMH.
The Month of Apple Bugs project follows the Month of Browser Bugs and Month of Kernel Bugs, both of which sought to highlight common hacks and other problems by releasing the details of one vulnerability a day over the course of a full month.
Unlike Microsoft, which bears a Windows-sized target on its back by dint of its global reach and, in hacker circles, poor reputation for strong security, Apple is not often the target of hackers' mischief. But Finisterre and LMH want Apple users to know they're not perfectly safe, either -- to counteract a common misconception among Apple fans.
Flaws Exist
"Flaws exist, with and without people disclosing them," wrote Finisterre and LMH on the Month of Apple Bugs site. "If we wanted to make business out of this we would be selling the issues and the proper exploit for each one."
And while the pair is not making a profit from their work, they're not letting Apple know about the bugs they find until they release them on their Web site, for the whole world to see.
"We want to develop and provide tools and documented techniques to aid security research in this platform," wrote Finisterre and LMH. "If nothing else, we had fun working on it and hope people with a brain out there will enjoy the results."