US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities

11/06/08, US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>
Date: Tue, 10 Jun 2008 16:03:41 -0400
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

         National Cyber Alert System

   Technical Cyber Security Alert TA08-162C


Apple Quicktime Updates for Multiple Vulnerabilities

   Original release date: June 10, 2008
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple Mac OS X running versions of QuickTime prior to 7.5
     * Microsoft Windows running versions of QuickTime prior to 7.5


Overview

   Apple QuickTime contains multiple vulnerabilities as described in the Apple
   Knowledgebase article HT1991. Exploitation of these vulnerabilities could
   allow  a  remote  attacker  to  execute  arbitrary  code  or  cause  a
   denial-of-service condition.


I. Description

   Apple QuickTime prior to version 7.5 has multiple image and media file
   handling vulnerabilities. An attacker could exploit these vulnerabilities by
   convincing a user to access a specially crafted image or media file that
   could  be  hosted  on  a web page. Apple QuickTime 7.5 addresses these
   vulnerabilities.

   Note that Apple iTunes for Windows installs QuickTime, so any system with
   iTunes may be vulnerable.


II. Impact

   These vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code or cause a denial-of-service condition. For further
   information,  please  see Apple knowledgebase article HT1991 about the
   security content of QuickTime 7.5


III. Solution

Upgrade QuickTime

   Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available
   via Apple Update.

Secure your web browser

   To help mitigate these and other vulnerabilities that can be exploited via a
   web browser, refer to Securing Your Web Browser.


IV. References

     * About   the  security  content  of  the  QuickTime  7.5  Update  -
       <http://support.apple.com/kb/HT1991>

     * How to tell if Software Update for Windows is working correctly when no
       updates are available -
       <http://docs.info.apple.com/article.html?artnum=304263>

     * Apple - QuickTime - Download -
       <http://www.apple.com/quicktime/download/>

     * Mac OS X: Updating your software -
       <http://docs.info.apple.com/article.html?artnum=106704>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/>

     * US-CERT     Vulnerability    Notes    for    QuickTime    7.5    -
       <http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5>

____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA08-162C.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA08-162C Feedback VU#132419" in the
   subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2008 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


   Revision History

   June 10, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws
xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmRUGiedv4h0owQTb
Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3
8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MDI/BSp5kcqaM
TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5
FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B79eg==
=e01A
-----END PGP SIGNATURE-----

Previous message sorted by date: US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability
Next message sorted by date: US-CERT Technical Cyber Security Alert TA08-162B -- Microsoft Updates for Multiple Vulnerabilities
Previous message sorted by thread: US-CERT Technical Cyber Security Alert TA08-162A -- SNMPv3 Authentication Bypass Vulnerability
Next message by thread: US-CERT Technical Cyber Security Alert TA08-162B -- Microsoft Updates for Multiple Vulnerabilities
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jun 2008