Apple today released QuickTime 7.3.1 for Mac and Windows. This update addresses security issues including the following:
• CVE-ID: CVE-2007-6166
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista / XP SP2
Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution
Description: A buffer overflow exists in QuickTime’s handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.
• CVE-ID: CVE-2007-4706
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista / XP SP2
Impact: Viewing a maliciously crafted QTL file may lead to an unexpected application termination or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime’s handling of QTL files. By enticing a user to view a maliciously crafted QTL file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.
• CVE-ID: CVE-2007-4707
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista / XP SP2
Impact: Multiple vulnerabilities in QuickTime’s Flash media handler
Description: Multiple vulnerabilities exist in QuickTime’s Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d’Hauenens & Brian Mariani of Syseclabs for reporting this issue.
The update is available via Software Update and also as standalone installers.
More info and download links:
• QuickTime 7.3.1 for Leopard – 52.6 MB
• QuickTime 7.3.1 for Tiger- 48.7 MB
• QuickTime 7.3.1 for Panther – 50.9 MB
• QuickTime 7.3.1 for Windows – 20.3 MB
“supremely secure computing experience with Vista”
You got that right Zune Tang, I feel as secure as the plastic wrapped, plastic boxed, paper enveloped Vista DVD on my desk. It even has BestBuy label for extra security. Just imagine how secure I feel when somebody finally buys it from me.
Swell! QuickTime is now 0.0.1 times snappier on my MacBook!
I find Zune’s musings are almost as funny as the suckers who keep falling for his/her lines.
I do miss Sputnik. Where for art thou my gentle Sput. My gentle Sput come hither.
What about:
“Secured Computer Reliability Experiencing Windows Update 2”
Scrabble bonus?
@FUDsucker Proxy
This site ought to be an opportunity for consumers to demand the best Cupertino can produce.
We ought to demonstrate that we are smart enough not to always, always fall for the manipulation.
We look like such fools when we do.
But, alas, most come here to praise Caesar.
Result: we get what the Master Marketer wants us to have as in: ‘everybody wants glossy screens’ or ‘nobody burns DVDs anymore’ – WHAT OUTRAGEOUS, AMAZING ARROGANCE!
Nice shot, Cheney….