Apple QuickTime Vulnerabilities

Apple QuickTime for

• Apple Mac OS X
• Microsoft Windows XP
• Microsoft Windows 2000

Apple has released Apple QuickTime 7.0.4 to correct several
vulnerabilities. These vulnerabilities could allow an attacker to gain access to your computer.

Solution

Install an Update

OS X users should use the Mac OS X Software Update feature to download and install Apple QuickTime 7.0.4. Consider scheduling Software Update to check for updates automatically (this option is enabled by default).

Microsoft Windows users should upgrade to Apple QuickTime 7.0.4.

QuickTime prior to version 7.0.4 has multiple image and media file handling vulnerabilities that could allow an attacker to run malicious programs on your computer. Upgrading to Apple QuickTime version 7.0.4 will correct these vulnerabilities.

For more technical information, see US-CERT Technical Alert TA06-011A and the Apple QuickTime Security Update.

References

• Apple QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html>
• Standalone Apple QuickTime Player - <http://www.apple.com/quicktime/download/standalone.html>
• Security content of QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101>
• US-CERT Technical Alert TA06-011A - <http://www.us-cert.gov/cas/techalerts/TA06-011A.html>
• US-CERT Vulnerability Note - <http://www.kb.cert.org/vuls/id/115729>
• US-CERT Vulnerability Note - <http://www.kb.cert.org/vuls/id/150753>
• US-CERT Vulnerability Note - <http://www.kb.cert.org/vuls/id/629845>
• US-CERT Vulnerability Note - <http://www.kb.cert.org/vuls/id/921193>
• US-CERT Vulnerability Note - <http://www.kb.cert.org/vuls/id/913449>
• Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>

.

Revision History

• January 11, 2006: Initial release
  
  January 12, 2006: Added link to standalone QuickTime Player
  
  May 12, 2006: Corrected production statement
  

Last updated