U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA07-334A)

Apple QuickTime RTSP Vulnerability

Original release date: November 30, 2007

Systems Affected

A vulnerability in Apple QuickTime affects
  • Apple Mac OS X
  • Microsoft Windows

Overview

Apple QuickTime for Microsoft Windows and Apple Mac OS X contains a vulnerability that could allow an attacker to gain access to your computer.

Solution

Apple has released QuickTime 7.3.1 to address this issue. Until updates can be applied, the below workarounds may prevent this vulnerability from being exploited.

Secure your web browser

Following the instructions in Securing Your Web Browser can help protect you from attacks against this and other web browser vulnerabilities.

Do not open untrusted QuickTime files

Do not open QuickTime files from any untrusted sources, including unsolicited files or links received in email, instant messages, web forums, or internet relay chat (IRC) channels.

Description

Apple QuickTime contains a vulnerability in the way QuickTime handles multi-media content in Real Time Streaming Protocol (RTSP). By convincing you to visit a malicious web site or open a malicious QuickTime file, an attacker could gain access to and take control of your computer. Common web browsers, including Microsoft Windows, Mozilla Firefox, and Apple Safari could be used to open a malicious QuickTime file.

Note that Apple iTunes installs QuickTime, so any system with iTunes is also vulnerable.

For more technical information, see US-CERT Technical Security Alert TA07-334A.


References


.

Revision History

  • November 30, 2007: Initial release

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top