Joined
·
1,042 Posts
Cyber Security Alert SA07-024A
Apple QuickTime Update for RTSP Vulnerability
Original release date: January 24, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on computers running
* Apple Mac OS X
* Microsoft Windows
Note that Apple iTunes and other software using the vulnerable
QuickTime components are also affected.
Overview
A vulnerability exists in Apple QuickTime that could allow an
attacker to gain control of your computer. Apple has released
Security Update 2007-001 to address this vulnerability.
Solution
Install an update
Apple Mac OS X users should install Apple Security Update
2007-001 through Software Update.
Microsoft Windows users of QuickTime 7.1.3 should install Apple
Security Update 2007-001 through Apple Software Update. Users of
previous versions of QuickTime should upgrade to QuickTime 7.1.3
and then install Apple Software Update. You can find Apple
Software Update in the Start menu under All Programs. If you
cannot find Apple Software Update, then re-install QuickTime
7.1.3.
Refer to Apple Security Update 2007-001 for more information.
Description
A vulnerability in Apple QuickTime 7.1.3, and possibly in earlier
versions, allows an attacker to run malicious software on your
computer when you open a QuickTime file. This malicious software
could also be embedded in a web page, and could execute, without
your knowledge, when you visit a malicious web page or open an
HTML document. For information on protecting against these types
of attacks consult Securing Your Web Browser.
For more technical information, see US-CERT Technical Alert
TA07-005A.
References
* US-CERT Vulnerability Note VU#442497 -
<http://www.kb.cert.org/vuls/id/442497>
* US-CERT Technical Cyber Security Alert TA07-005A -
<http://www.us-cert.gov/cas/techalerts/TA07-005A.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* About Security Update 2007-001 -
<http://docs.info.apple.com/article.html?artnum=304989>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* How to repair Software Update for Windows -
<http://docs.info.apple.com/article.html?artnum=304264>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/win.html>
* CVE-2007-0015 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>
Apple QuickTime Update for RTSP Vulnerability
Original release date: January 24, 2007
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime on computers running
* Apple Mac OS X
* Microsoft Windows
Note that Apple iTunes and other software using the vulnerable
QuickTime components are also affected.
Overview
A vulnerability exists in Apple QuickTime that could allow an
attacker to gain control of your computer. Apple has released
Security Update 2007-001 to address this vulnerability.
Solution
Install an update
Apple Mac OS X users should install Apple Security Update
2007-001 through Software Update.
Microsoft Windows users of QuickTime 7.1.3 should install Apple
Security Update 2007-001 through Apple Software Update. Users of
previous versions of QuickTime should upgrade to QuickTime 7.1.3
and then install Apple Software Update. You can find Apple
Software Update in the Start menu under All Programs. If you
cannot find Apple Software Update, then re-install QuickTime
7.1.3.
Refer to Apple Security Update 2007-001 for more information.
Description
A vulnerability in Apple QuickTime 7.1.3, and possibly in earlier
versions, allows an attacker to run malicious software on your
computer when you open a QuickTime file. This malicious software
could also be embedded in a web page, and could execute, without
your knowledge, when you visit a malicious web page or open an
HTML document. For information on protecting against these types
of attacks consult Securing Your Web Browser.
For more technical information, see US-CERT Technical Alert
TA07-005A.
References
* US-CERT Vulnerability Note VU#442497 -
<http://www.kb.cert.org/vuls/id/442497>
* US-CERT Technical Cyber Security Alert TA07-005A -
<http://www.us-cert.gov/cas/techalerts/TA07-005A.html>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* About Security Update 2007-001 -
<http://docs.info.apple.com/article.html?artnum=304989>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* How to repair Software Update for Windows -
<http://docs.info.apple.com/article.html?artnum=304264>
* Apple - QuickTime - Download -
<http://www.apple.com/quicktime/download/win.html>
* CVE-2007-0015 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>