| View previous topic :: View next topic |
| Author |
Message |
BeerCheeze
*hick*
Joined: 14 Jun 2003
Posts: 9285
Location: At the Bar
|
 Posted: Sat, 13 May 2006 13:57:26 Post Subject: Apple QuickTime Vulnerabilities |
  |
|
Systems Affected
Apple QuickTime on systems running
* Apple Mac OS X
* Microsoft Windows
Overview
Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
I. Description
Apple QuickTime 7.1 resolves multiple vulnerabilities in the way different types of image and media files are handled. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file with a vulnerable version of QuickTime. Since QuickTime configures most web browsers to handle QuickTime media files, an attacker could exploit these vulnerabilities using a web page.
For more information, please refer to the Vulnerability Notes.
II. Impact
The impacts of these vulnerabilities could allow an remote, unauthenticated attacker to execute arbitrary code or commands, and cause a denial-of-service condition. For further information, please see the Vulnerability Notes.
III. Solution
Upgrade
Upgrade to QuickTime 7.1. This and other updates for Mac OS X are available via Apple Update.
Disable QuickTime in your web browser
An attacker may be able to exploit this vulnerability by persuading a user to access a specially crafted file with a web browser. Disabling QuickTime in your web browser will defend against this attack vector. For more information, refer to the Securing Your Web Browser document.
References:
* Vulnerability Notes for QuickTime 7.1
* About the security content of the QuickTime 7.1 Update
* Apple QuickTime 7.1
* Standalone Apple QuickTime Player
* Securing Your Web Browser |
|
| Back to top |
|
 |
Little Bruin
Boo Boo
Joined: 07 Apr 2003
Posts: 667
Location: Pic-A-Nic Basket |
|
|
Doctor Feelgood
Arrrrghh!
Joined: 07 Apr 2003
Posts: 20349
Location: New Jersey
|
| Posted: Sat, 13 May 2006 13:58:53 Post Subject: |
|
|
Damn, is Apple the new target of choice for exploitation hunting?  Have people actually gotten tired of going after just MS products? |
|
| Back to top |
|
|
BeerCheeze
*hick*
Joined: 14 Jun 2003
Posts: 9285
Location: At the Bar
|
|
| Back to top |
|
|
thePMG
Rated XXX
Joined: 24 Apr 2004
Posts: 393
Location: Germany
|
| Posted: Mon, 15 May 2006 16:20:22 Post Subject: |
|
|
You forgot to post the "Microsoft Windows and Exchange Server Vulnerabilities" that came out on the 9th.
http://www.us-cert.gov/cas/techalerts/TA06-129A.html
_________________
It's got something to do with motherboards and fuzzy logic, f**k, I don't know... |
|
| Back to top |
|
|
BeerCheeze
*hick*
Joined: 14 Jun 2003
Posts: 9285
Location: At the Bar
|
| Posted: Mon, 15 May 2006 17:07:59 Post Subject: |
|
|
Didn't bother... If you run MS & Exchange then you better be smart enough to keep up on the patching. Apple people right now tend to have their heads in the sand. "I run apple... I'm not vulnerable".
Also... this isn't a Sysadmin site... it's an end user site and end users don't normally run exchange. (But I'm glad to see you are keeping up on CERT. Good man!!!) |
|
| Back to top |
|
|
FireTech
Rated PG-13
Joined: 07 Mar 2006
Posts: 27
|
| Posted: Mon, 15 May 2006 18:53:29 Post Subject: |
|
|
Apple can't think it's too important as checking for updates through Itunes and separately through Quicktime (from version 7.04.??) states I'm up to date. Luckily, I try to avoid using Quicktime anyway  |
|
| Back to top |
|
|
|
