
Vulnerabilities in QuickTime

  • Serge Maandag (yahoo)
    Message 1 of 1 , Sep 14, 2006
      CERT has issued a warning about several vulnerabilities in QuickTime.

      Since most (if not all) of us here are QuickTime users, I copy their
      warning below. You are advised to upgrade your QuickTime player/plugin.

      Serge.

      ____________________________________________________________________

      National Cyber Alert System

      Technical Cyber Security Alert TA06-256A


      Apple QuickTime Vulnerabilities

      Original release date: September 13, 2006
      Last revised: --
      Source: US-CERT


      Systems Affected

      Apple QuickTime on systems running

      * Apple Mac OS X
      * Microsoft Windows


      Overview

      Apple QuickTime contains multiple vulnerabilities. Exploitation of
      these vulnerabilities could allow a remote attacker to execute
      arbitrary code or cause a denial-of-service condition.


      I. Description

      Apple QuickTime 7.1.3 resolves multiple vulnerabilities in the way
      different types of image and media files are handled. An attacker
      could exploit these vulnerabilities by convincing a user to access
      a specially crafted image or media file with a vulnerable version
      of QuickTime. Since QuickTime configures most web browsers to
      handle QuickTime media files, an attacker could exploit these
      vulnerabilities using a web page.

      Note that QuickTime ships with Apple iTunes.

      For more information, please refer to the Vulnerability Notes.


      II. Impact

      These vulnerabilities could allow a remote, unauthenticated
      attacker to execute arbitrary code or commands and cause a
      denial-of-service condition. For further information, please see
      the Vulnerability Notes.


      III. Solution

      Upgrade QuickTime

      Upgrade to QuickTime 7.1.3. This and other updates for Mac OS X are
      available via Apple Update.

      Disable QuickTime in your web browser

      An attacker may be able to exploit this vulnerability by persuading
      a user to access a specially crafted file with a web
      browser. Disabling QuickTime in your web browser will defend
      against this attack vector. For more information, refer to the
      Securing Your Web Browser document.


      References

      * Vulnerability Notes for QuickTime 7.1.3 -
      <http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_713>

      * About the security content of the QuickTime 7.1.3 Update -
      <http://docs.info.apple.com/article.html?artnum=304357>

      * Apple QuickTime 7.1.3 -
      <http://www.apple.com/support/downloads/quicktime713.html>

      * Standalone Apple QuickTime Player -
      <http://www.apple.com/quicktime/download/standalone.html>

      * Mac OS X: Updating your software -
      <http://docs.info.apple.com/article.html?artnum=106704>

      * Securing Your Web Browser -
      <http://www.us-cert.gov/reading_room/securing_browser/>

      ____________________________________________________________________

      The most recent version of this document can be found at:

      <http://www.us-cert.gov/cas/techalerts/TA06-256A.html>
      ____________________________________________________________________