Scro

Member

Blog Archive

Blog

More patches... APPLE 0 Comments

National Cyber Alert System

Technical Cyber Security Alert TA07-310A

 

Apple QuickTime Updates for Multiple Vulnerabilities

Original release date: November 06, 2007

Last revised: --

Source: US-CERT

Systems Affected

Vulnerabilities in Apple QuickTime affect

* Apple Mac OS X

* Microsoft Windows

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of

these vulnerabilities could allow a remote attacker to execute

arbitrary code or cause a denial-of-service condition.

I. Description

Apple QuickTime 7.3 resolves multiple vulnerabilities in the way

different types of image and media files are handled. An attacker

could exploit these vulnerabilities by convincing a user to access a

specially crafted image or media file that could be hosted on a web

page.

Note that Apple iTunes installs QuickTime, so any system with iTunes

is vulnerable.

II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker

to execute arbitrary code or commands and cause a denial-of-service

condition. For further information, please see About the security

content of QuickTime 7.3.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.3. This and other updates for Mac OS X are

available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited

via a web browser, refer to Securing Your Web Browser.

References

* About the security content of the QuickTime 7.3 Update -

<

 

* How to tell if Software Update for Windows is working correctly when no updates are available -

<

 

* Apple QuickTime Download - <

 

* Mac OS X: Updating your software -

<

 

* Securing Your Web Browser -

<

 

_________________________________________________________________

The most recent version of this document can be found at:

<

_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the

subject.

_________________________________________________________________

For instructions on subscribing to or unsubscribing from this

mailing list, visit <

_________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<

http://docs.info.apple.com/article.html?artnum=306896>http://docs.info.apple.com/article.html?artnum=304263>http://www.apple.com/quicktime/download/>http://docs.info.apple.com/article.html?artnum=106704>http://www.us-cert.gov/reading_room/securing_browser/>http://www.us-cert.gov/cas/techalerts/TA07-310A.html>http://www.us-cert.gov/cas/signup.html>.http://www.us-cert.gov/legal.html>
Posted in   Information Security
2007-11-07 08:03:45 | 289 Views

Comments

Leave a Comment

You must be logged in to comment