Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: January 16, 2008
Last revised: --
Source: US-CERT
Systems Affected
- Apple Mac OS X running versions of QuickTime prior to 7.4
- Microsoft Windows running versions of QuickTime prior to 7.4
Overview
Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
I. Description
Apple QuickTime 7.4 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page.
Note that Apple iTunes installs QuickTime, so any system with iTunes is vulnerable.
II. Impact
These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see About the security content of QuickTime 7.4.
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.4. This and other updates for Mac OS X are available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.
References
Feedback can be directed to US-CERT.
Produced 2008 by US-CERT, a government organization. Terms of use
Revision History
January 16, 2008: Initial release