Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Apple QuickTime 7.4.5 vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page.
Note that Apple iTunes installs QuickTime, so any system with iTunes may be vulnerable.
These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1241 about the security content of QuickTime 7.4.5
Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are available via Apple Update.
To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.
Feedback can be directed to US-CERT.
Produced 2008 by US-CERT, a government organization. Terms of use
Revision History
April 3, 2008: Initial release