Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Technical Cyber Security Alert TA08-094A archive

Apple Updates for Multiple Vulnerabilities

Original release date: April 3, 2008
Last revised: --
Source: US-CERT

Systems Affected

  • Apple Mac OS X running versions of QuickTime prior to 7.4.5
  • Microsoft Windows running versions of QuickTime prior to 7.4.5

Overview

Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.


I. Description

Apple QuickTime 7.4.5 vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page.

Note that Apple iTunes installs QuickTime, so any system with iTunes may be vulnerable.


II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1241 about the security content of QuickTime 7.4.5


III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.


References


Feedback can be directed to US-CERT.

Produced 2008 by US-CERT, a government organization. Terms of use

Revision History

April 3, 2008: Initial release

Last updated April 03, 2008
print this document