US-CERT Technical Cyber Security Alert TA09-022A -- Apple QuickTime Updates for Multiple Vulnerabilities

23/01/09, US-CERT Technical Cyber Security Alert TA09-022A -- Apple QuickTime Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>

Generated by MHonArc

CSIM Logo WelcomeCourses
Faculty, Student, Staff
Projects and reports
Conferences, workshop and seminars
Laboratories and reasearch facilities
Information related to CSIM
Information non-related to CSIM
Address, map, phone, etc.
Search

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


To: cert-advisory@cert.org
Subject: US-CERT Technical Cyber Security Alert TA09-022A -- Apple QuickTime Updates for Multiple Vulnerabilities
From: CERT Advisory <cert-advisory@cert.org>
Date: Thu, 22 Jan 2009 17:48:04 -0500
List-archive: <http://www.cert.org/>
List-help: <http://www.cert.org/>, <mailto:Majordomo@cert.org?body=help>
List-owner: <mailto:cert-advisory-owner@cert.org>
List-post: NO (posting not allowed on this list)
List-unsubscribe: <mailto:Majordomo@cert.org?body=unsubscribe%20cert-advisory>
Organization: CERT(R) Coordination Center - +1 412-268-7090

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                    National Cyber Alert System

              Technical Cyber Security Alert TA09-022A


Apple QuickTime Updates for Multiple Vulnerabilities

   Original release date: January 22, 2009
   Last revised: --
   Source: US-CERT


Systems Affected

     * Apple QuickTime 7.5 for Windows and Mac OS X


Overview

   Apple has released QuickTime 7.6 to correct multiple
   vulnerabilities affecting QuickTime for Mac OS X and Windows.
   Attackers may be able to exploit these vulnerabilities to execute
   arbitrary code or cause a denial of service.


I. Description

   Apple QuickTime 7.6 addresses a number of vulnerabilities affecting
   QuickTime. An attacker could exploit these vulnerabilities by
   convincing a user to access a specially crafted media or movie
   file. This file could be hosted on a web page or sent via email.


II. Impact

   The impacts of these vulnerabilities vary. Potential consequences
   include arbitrary code execution and denial of service.


III. Solution

   Upgrade to QuickTime 7.6. This and other updates are available via
   Software Update or via Apple Downloads.


IV. References

 * About the security content of QuickTime 7.6 -
   <http://support.apple.com/kb/HT3403>

 * Apple Support Downloads - <http://support.apple.com/downloads/>

 * Mac OS X - updating your software -
   <http://support.apple.com/kb/HT1338?viewlocale=en_US>

 * Securing Your Web Browser -
   <https://www.us-cert.gov/reading_room/securing_browser/>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA09-022A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA09-022A Feedback VU#703068" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2009 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History
  
  January 22, 2009: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBSXj25HIHljM+H4irAQKNIgf+LSBKBzHWdjxmJgYw3vYmAXtwpUxAVThs
Ma4vIB1vSjv8Us83S2XrKIGcKrdPgQgeS7Vji9WRMmlzEv/AYlFJseqq17ufGely
5YosATUh+C0SjY6OAYeJNYMws7fgGcGJagtfQp0gJTRLruknEoB/iqlASBQ7MtNg
7viHKIR8r2BxCNB1A4ir1kzPELIHFF/pmmuaD+E2PnxH1XtYLM9b9t6xbkjie2PG
vEwv7JCGH/RrJtst480ZMIHOghsZ0ONoMkTjZB7o5S0ww3guktGOMB+/QiZI8eFB
KbU6nB6JGscZ8Fb1E4K3yOU9MvpzEfurIvYmyMcAdxFCiq5CSUjOug==
=B5D3
-----END PGP SIGNATURE-----

Previous message sorted by date: US-CERT Technical Cyber Security Alert TA09-020A -- Microsoft Windows Does Not Disable AutoRun Properly
Next message sorted by date: US-CERT Technical Cyber Security Alert TA09-041A -- Microsoft Updates for Multiple Vulnerabilities
Previous message sorted by thread: US-CERT Technical Cyber Security Alert TA09-020A -- Microsoft Windows Does Not Disable AutoRun Properly
Next message by thread: US-CERT Technical Cyber Security Alert TA09-041A -- Microsoft Updates for Multiple Vulnerabilities
Main Index
Thread Index

CSIM home pageWMailAccount managementCSIM LibraryNetwork test toolsSearch CSIM directories
Contact us: Olivier Nicole CSIM    SET    AIT Last update: Jan 2010