Alert (TA08-094A)

Systems Affected

• Apple Mac OS X running versions of QuickTime prior to 7.4.5
• Microsoft Windows running versions of QuickTime prior to 7.4.5

Overview

Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1241. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Description

Apple QuickTime 7.4.5 vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page.

Note that Apple iTunes installs QuickTime, so any system with iTunes may be vulnerable.

Impact

These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1241 about the security content of QuickTime 7.4.5

Solution

Upgrade QuickTime

Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser.

References

• About the security content of the QuickTime 7.4.5 Update - http://support.apple.com/kb/HT1241
• How to tell if Software Update for Windows is working correctly when no updates are available - http://docs.info.apple.com/article.html?artnum=304263
• Apple - QuickTime - Download - http://www.apple.com/quicktime/download/
• Mac OS X: Updating your software - http://docs.info.apple.com/article.html?artnum=106704
• Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/

Revision History

• April 3, 2008: Initial release
  

Was this document helpful?  Yes  |   Somewhat  |   No