Vulnerabilities in QuickTime
CERT has issued a warning about several vulnerabilities in QuickTime.
Since most (if not all) of us here are QuickTime users, I copy their
warning below. You are advised to upgrade your QuickTime player/plugin.
National Cyber Alert System
Technical Cyber Security Alert TA06-256A
Apple QuickTime Vulnerabilities
Original release date: September 13, 2006
Last revised: --
Apple QuickTime on systems running:
* Apple Mac OS X
* Microsoft Windows
Apple QuickTime contains multiple vulnerabilities. Exploitation of
these vulnerabilities could allow a remote attacker to execute
arbitrary code or cause a denial-of-service condition.
Apple QuickTime 7.1.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled. An attacker
could exploit these vulnerabilities by convincing a user to access
a specially crafted image or media file with a vulnerable version
of QuickTime. Since QuickTime configures most web browsers to
handle QuickTime media files, an attacker could exploit these
vulnerabilities using a web page.
Note that QuickTime ships with Apple iTunes.
For more information, please refer to the Vulnerability Notes.
These vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code or commands and cause a
denial-of-service condition. For further information, please see
the Vulnerability Notes.
Upgrade to QuickTime 7.1.3. This and other updates for Mac OS X are
available via Apple Update.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading
a user to access a specially crafted file with a web
browser. Disabling QuickTime in your web browser will defend
against this attack vector. For more information, refer to the
Securing Your Web Browser document.
* Vulnerability Notes for QuickTime 7.1.3
* About the security content of the QuickTime 7.1.3 Update
* Apple QuickTime 7.1.3
* Standalone Apple QuickTime Player
* Mac OS X: Updating your software
* Securing Your Web Browser
The most recent version of this document can be found at: