M
MEB
NOTE: Win9X/ME users, your APPLE Quicktime is severly outdated.... look for
alternative codex offerings if you need support for the extensions.
The newer QuickTime players do NOT support 9X/ME/NT.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-094A
Apple Updates for Multiple Vulnerabilities
Original release date: April 3, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.4.5
* Microsoft Windows running versions of QuickTime prior to 7.4.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the
Apple Knowledgebase article HT1241. Exploitation of these
vulnerabilities could allow a remote attacker to execute arbitrary
code or cause a denial-of-service condition.
I. Description
Apple QuickTime 7.4.5 vulnerabilities in the way different types of
image and media files are handled. An attacker could exploit these
vulnerabilities by convincing a user to access a specially crafted
image or media file that could be hosted on a web page.
Note that Apple iTunes installs QuickTime, so any system with iTunes
may be vulnerable.
II. Impact
These vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial-of-service condition. For
further information, please see Apple knowledgebase article HT1241
about the security content of QuickTime 7.4.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.4.5 Update -
<http://support.apple.com/kb/HT1241>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-094A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-094A Feedback VU#931547" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 3, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR/UvJvRFkHkM87XOAQIyFAf/RbzzemNIgWIg5js5px9a+1gdaGHxvu/5
SMLzPniRUcOHyKha655bTQSzmZ4bT/j2x24u8NYbZyiWcYphzFmrNTjHCEMs++QP
iTRymTYMC1CthV7J2uFpvNGa9UrIcVmeSJjWJcVw7xdOi2JrcD3pHU62bN0aFNsX
Qtm7w1SlYP0+1y7YzMNP1ZsbCsKBmRfs45x4U8AivZJ6Bewh5uUc0Ic8PGSeLSsA
HUXUQW/ddJREf1TBqgTlDchPHH4s9W4DbjGEdApsIYQJUWOjvZBSeGNzOz4eRpT+
WwDoxQDkBYn7T/ooofDh49L30s5dL4PTvnrb6Btnxr5M0wxduAKOrA==
=cONM
-----END PGP SIGNATURE-----
alternative codex offerings if you need support for the extensions.
The newer QuickTime players do NOT support 9X/ME/NT.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA08-094A
Apple Updates for Multiple Vulnerabilities
Original release date: April 3, 2008
Last revised: --
Source: US-CERT
Systems Affected
* Apple Mac OS X running versions of QuickTime prior to 7.4.5
* Microsoft Windows running versions of QuickTime prior to 7.4.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the
Apple Knowledgebase article HT1241. Exploitation of these
vulnerabilities could allow a remote attacker to execute arbitrary
code or cause a denial-of-service condition.
I. Description
Apple QuickTime 7.4.5 vulnerabilities in the way different types of
image and media files are handled. An attacker could exploit these
vulnerabilities by convincing a user to access a specially crafted
image or media file that could be hosted on a web page.
Note that Apple iTunes installs QuickTime, so any system with iTunes
may be vulnerable.
II. Impact
These vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial-of-service condition. For
further information, please see Apple knowledgebase article HT1241
about the security content of QuickTime 7.4.5
III. Solution
Upgrade QuickTime
Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are
available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.
References
* About the security content of the QuickTime 7.4.5 Update -
<http://support.apple.com/kb/HT1241>
* How to tell if Software Update for Windows is working correctly
when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
_________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA08-094A.html>
_________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA08-094A Feedback VU#931547" in the
subject.
_________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________
Produced 2008 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
April 3, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBR/UvJvRFkHkM87XOAQIyFAf/RbzzemNIgWIg5js5px9a+1gdaGHxvu/5
SMLzPniRUcOHyKha655bTQSzmZ4bT/j2x24u8NYbZyiWcYphzFmrNTjHCEMs++QP
iTRymTYMC1CthV7J2uFpvNGa9UrIcVmeSJjWJcVw7xdOi2JrcD3pHU62bN0aFNsX
Qtm7w1SlYP0+1y7YzMNP1ZsbCsKBmRfs45x4U8AivZJ6Bewh5uUc0Ic8PGSeLSsA
HUXUQW/ddJREf1TBqgTlDchPHH4s9W4DbjGEdApsIYQJUWOjvZBSeGNzOz4eRpT+
WwDoxQDkBYn7T/ooofDh49L30s5dL4PTvnrb6Btnxr5M0wxduAKOrA==
=cONM
-----END PGP SIGNATURE-----