Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Apple QuickTime prior to version 7.5 has multiple image and media file handling vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file, which could be hosted on a web page. Apple QuickTime 7.5 addresses these vulnerabilities.
Note that Apple iTunes for Windows installs QuickTime, so any system with iTunes may be vulnerable.
These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple Knowledgebase article HT1991 about the security content of QuickTime 7.5.
Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available via Apple Update.
To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.
Feedback can be directed to US-CERT.
Produced 2008 by US-CERT, a government organization.
Revision History
June 10, 2008: Initial release