Alert (TA08-094A)
Apple Updates for Multiple Vulnerabilities
Systems Affected
- Apple Mac OS X running versions of QuickTime prior to 7.4.5
- Microsoft Windows running versions of QuickTime prior to 7.4.5
Overview
Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
Description
Apple QuickTime 7.4.5 vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page.
Note that Apple iTunes installs QuickTime, so any system with iTunes may be vulnerable.
Impact
These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1241 about the security content of QuickTime 7.4.5
Solution
Upgrade QuickTime
Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are available via Apple Update.
Secure your web browser
To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.
References
- About the security content of the QuickTime 7.4.5 Update - http://support.apple.com/kb/HT1241
- How to tell if Software Update for Windows is working correctly when no updates are available - http://docs.info.apple.com/article.html?artnum=304263
- Apple - QuickTime - Download - http://www.apple.com/quicktime/download/
- Mac OS X: Updating your software - http://docs.info.apple.com/article.html?artnum=106704
- Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/
Revision History
-
April 3, 2008: Initial release
This product is provided subject to this Notification and this Privacy & Use policy.