Apple QuickTime Updates for Multiple Vulnerabilities

Original release date: April 3, 2008
Last revised: --
Source: US-CERT

Systems Affected

• Apple Mac OS X running versions of QuickTime prior to 7.4.5
• Microsoft Windows running versions of QuickTime prior to 7.4.5

Overview

Apple has released Apple QuickTime 7.4.5 to correct several vulnerabilities Apple Knowledgebase article HT1241. These vulnerabilities could allow an attacker to gain access to your computer.

Solution

Upgrade QuickTime

OS X users should use the Mac OS X Software Update feature to download and install Apple QuickTime 7.4.5. Consider scheduling Software Update to check for updates automatically (this option is enabled by default).

Microsoft Windows users should upgrade to Apple QuickTime 7.4.5.

Description

QuickTime prior to version 7.4.5 has multiple image and media file handling vulnerabilities that could allow an attacker to run malicious programs on your computer. This could occur when you unknowingly visit a malicious website. Upgrading to Apple QuickTime version 7.4.5 will correct these vulnerabilities.

Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable.

For more technical information, see US-CERT Technical Security Alert TA08-094A.

References

• US-CERT Technical Alert TA08-094A - <http://www.us-cert.gov/cas/techalerts/TA08-094A.html>
• About the security content of the QuickTime 7.4.5 Update - <http://support.apple.com/kb/HT1241>
• Apple QuickTime 7.4.5 for Windows - <http://www.apple.com/support/downloads/quicktime745forwindows.html>
• Apple - QuickTime - Download <http://www.apple.com/quicktime/download/>
• Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>
• Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>

---

Feedback can be directed to US-CERT.

---

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

April 3, 2008: Initial release