Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Technical Cyber Security Alert TA08-162C archive

Apple Quicktime Updates for Multiple Vulnerabilities

Original release date: June 10, 2008
Last revised: --
Source: US-CERT

Systems Affected

  • Apple Mac OS X running versions of QuickTime prior to 7.5
  • Microsoft Windows running versions of QuickTime prior to 7.5

Overview

Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.


I. Description

Apple QuickTime prior to version 7.5 has multiple image and media file handling vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Apple QuickTime 7.5 addresses these vulnerabilities.

Note that Apple iTunes for Windows installs QuickTime, so any system with iTunes may be vulnerable.


II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1991 about the security content of QuickTime 7.5


III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.


References


Feedback can be directed to US-CERT.

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

June 10, 2008: Initial release

Last updated June 10, 2008
print this document