- Apple Mac OS X
- Microsoft Windows
A vulnerability exists in Apple QuickTime that could allow an attacker to gain control of your computer. Apple has released Security Update 2007-001 to address this vulnerability.
Install an update
Microsoft Windows users of QuickTime 7.1.3 should install Apple Security Update 2007-001 through Apple Software Update. Users of previous versions of QuickTime should upgrade to QuickTime 7.1.3 and then install Apple Software Update. You can find Apple Software Update in the Start menu under All Programs. If you cannot find Apple Software Update, then re-install QuickTime 7.1.3.
Refer to Apple Security Update 2007-001 for more information.
A vulnerability in Apple QuickTime 7.1.3, and possibly in earlier versions, allows an attacker to run malicious software on your computer when you open a QuickTime file. This malicious software could also be embedded in a web page, and could execute, without your knowledge, when you visit a malicious web page or open an HTML document. For information on protecting against these types of attacks consult Securing Your Web Browser.
For more technical information, see US-CERT Technical Alert TA07-005A.
- US-CERT Vulnerability Note VU#442497 - <http://www.kb.cert.org/vuls/id/442497>
- US-CERT Technical Cyber Security Alert TA07-005A - <http://www.us-cert.gov/cas/techalerts/TA07-005A.html>
- Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
- About Security Update 2007-001 - <http://docs.info.apple.com/article.html?artnum=304989>
- Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704>
- How to repair Software Update for Windows - <http://docs.info.apple.com/article.html?artnum=304264>
- Apple - QuickTime - Download - <http://www.apple.com/quicktime/download/win.html>
- CVE-2007-0015 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>
January 24, 2007: Initial release