Apple QuickTime Updates for Multiple Vulnerabilities

Systems Affected

• Apple Mac OS X running versions of QuickTime prior to 7.4
• Microsoft Windows running versions of QuickTime prior to 7.4

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

I. Description

Apple QuickTime 7.4 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page.

Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable.

II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see About the security content of QuickTime 7.4.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.4. This and other updates for Mac OS X are available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.

References

• About the security content of the QuickTime 7.4 Update - <http://docs.info.apple.com/article.html?artnum=307301>
• How to tell if Software Update for Windows is working correctly when no updates are available - <http://docs.info.apple.com/article.html?artnum=304263>
• Apple - QuickTime - Download - <http://www.apple.com/quicktime/download/>
• Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

Feedback can be directed to US-CERT.

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

January 16, 2008: Initial release