If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
US CERT - Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA08-162C Apple Quicktime Updates for Multiple Vulnerabilities Original release date: June 10, 2008 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X running versions of QuickTime prior to 7.5 * Microsoft Windows running versions of QuickTime prior to 7.5 Overview Apple QuickTime contains multiple vulnerabilities as described in the Apple Knowledgebase article HT1991. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. I. Description Apple QuickTime prior to version 7.5 has multiple image and media file handling vulnerabilities. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted image or media file that could be hosted on a web page. Apple QuickTime 7.5 addresses these vulnerabilities. Note that Apple iTunes for Windows installs QuickTime, so any system with iTunes may be vulnerable. II. Impact These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. For further information, please see Apple knowledgebase article HT1991 about the security content of QuickTime 7.5 III. Solution Upgrade QuickTime Upgrade to QuickTime 7.5. This and other updates for Mac OS X are available via Apple Update. Secure your web browser To help mitigate these and other vulnerabilities that can be exploited via a web browser, refer to Securing Your Web Browser. IV. References * About the security content of the QuickTime 7.5 Update - http://support.apple.com/kb/HT1991 * How to tell if Software Update for Windows is working correctly when no updates are available - http://docs.info.apple.com/article.html?artnum=304263 * Apple - QuickTime - Download - http://www.apple.com/quicktime/download/ * Mac OS X: Updating your software - http://docs.info.apple.com/article.html?artnum=106704 * Securing Your Web Browser - http://www.us-cert.gov/reading_room/securing_browser/ * US-CERT Vulnerability Notes for QuickTime 7.5 - http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5 __________________________________________________ __________________ The most recent version of this document can be found at: http://www.us-cert.gov/cas/techalerts/TA08-162C.html __________________________________________________ __________________ Feedback can be directed to US-CERT Technical Staff. Please send email to with "TA08-162C Feedback VU#132419" in the subject. __________________________________________________ __________________ For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. __________________________________________________ __________________ Produced 2008 by US-CERT, a government organization. Terms of use: http://www.us-cert.gov/legal.html __________________________________________________ __________________ Revision History June 10, 2008: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmR UGiedv4h0owQTb Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3 8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MD I/BSp5kcqaM TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5 FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B 79eg== =e01A -----END PGP SIGNATURE----- |
#2
|
|||
|
|||
US CERT - Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
|
#3
|
|||
|
|||
US CERT - Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
Sunny wrote:
"MEB" meb@not wrote in message ... | -----BEGIN PGP SIGNED MESSAGE----- snip What is the rationale for PGP signed posts on a public news group? (I was under the impression it was for e-mails between individuals) The sign gives you the opportunity to check if the poster is who he claims to be. |
#5
|
|||
|
|||
US CERT - Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
From: "MEB" meb@not
| -----BEGIN PGP SIGNED MESSAGE----- | Hash: SHA1 | | National Cyber Alert System | | Technical Cyber Security Alert TA08-162C | | Apple Quicktime Updates for Multiple Vulnerabilities | | Original release date: June 10, 2008 | Last revised: -- | Source: US-CERT | | Systems Affected | | * Apple Mac OS X running versions of QuickTime prior to 7.5 | * Microsoft Windows running versions of QuickTime prior to 7.5 | | Overview | | Apple QuickTime contains multiple vulnerabilities as described in the | Apple | Knowledgebase article HT1991. Exploitation of these vulnerabilities could | allow a remote attacker to execute arbitrary code or cause a | denial-of-service condition. | | I. Description | | Apple QuickTime prior to version 7.5 has multiple image and media file | handling vulnerabilities. An attacker could exploit these vulnerabilities | by | convincing a user to access a specially crafted image or media file that | could be hosted on a web page. Apple QuickTime 7.5 addresses these | vulnerabilities. | | Note that Apple iTunes for Windows installs QuickTime, so any system with | iTunes may be vulnerable. | | II. Impact | | These vulnerabilities could allow a remote, unauthenticated attacker to | execute arbitrary code or cause a denial-of-service condition. For | further | information, please see Apple knowledgebase article HT1991 about the | security content of QuickTime 7.5 | | III. Solution | | Upgrade QuickTime | | Upgrade to QuickTime 7.5. This and other updates for Mac OS X are | available | via Apple Update. | | Secure your web browser | | To help mitigate these and other vulnerabilities that can be exploited | via a | web browser, refer to Securing Your Web Browser. | | IV. References | | * About the security content of the QuickTime 7.5 Update - | http://support.apple.com/kb/HT1991 | | * How to tell if Software Update for Windows is working correctly when | no | updates are available - | http://docs.info.apple.com/article.html?artnum=304263 | | * Apple - QuickTime - Download - | http://www.apple.com/quicktime/download/ | | * Mac OS X: Updating your software - | http://docs.info.apple.com/article.html?artnum=106704 | | * Securing Your Web Browser - | http://www.us-cert.gov/reading_room/securing_browser/ | | * US-CERT Vulnerability Notes for QuickTime 7.5 - | | http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5 | | __________________________________________________ __________________ | | The most recent version of this document can be found at: | | http://www.us-cert.gov/cas/techalerts/TA08-162C.html | __________________________________________________ __________________ | | Feedback can be directed to US-CERT Technical Staff. Please send | email to with "TA08-162C Feedback VU#132419" in the | subject. | __________________________________________________ __________________ | | For instructions on subscribing to or unsubscribing from this | mailing list, visit http://www.us-cert.gov/cas/signup.html. | __________________________________________________ __________________ | | Produced 2008 by US-CERT, a government organization. | | Terms of use: | | http://www.us-cert.gov/legal.html | __________________________________________________ __________________ | | Revision History | | June 10, 2008: Initial release | -----BEGIN PGP SIGNATURE----- | Version: GnuPG v1.4.5 (GNU/Linux) | | iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws | xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmR UGiedv4h0owQTb | Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3 | 8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MD I/BSp5kcqaM | TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5 | FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B 79eg== | =e01A | -----END PGP SIGNATURE----- | And Apple hasn'r supported QuickTime on Win9x/ME for quite a while. The *only* solution is to REMOVE QuickTime! -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
#6
|
|||
|
|||
US CERT - Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
From: "Ingeborg"
| The sign gives you the opportunity to check if the poster is who he claims | to be. Except the PGP signing is by the US CERT, not by MEB. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
#7
|
|||
|
|||
US CERT - Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
From: "Gary S. Terhune" none
| FYI, the last version of QT that will install on Windows 9x is 6.5.2. | | Wonder how long it will take for them to find new problems with QT 7.5 and, | more importantly, SNMPv3 after it's patched. Point is that ALL software has | bugs, and, apparently, all software has security vulnerabilities. It's a | game to stay ahead of the hackers, and it would seem that no OS or | application is immune. | | I say all good and responsible computer users thrown their machines into the | dumpster. They're just too unsafe. | :-) -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
#8
|
|||
|
|||
US CERT - Security Alert TA08-162C -- Apple Quicktime Updates for Multiple Vulnerabilities
Oh I agree, and that is what I have been advising... but these are for those
still using it... each time is a NEW vulnerability.. and for the dual booters.. There was an alternative posted in one of these discussions. -- MEB http://peoplescounsel.orgfree.com -- _________ "David H. Lipman" wrote in message ... | From: "MEB" meb@not | | | -----BEGIN PGP SIGNED MESSAGE----- | | Hash: SHA1 | | | | National Cyber Alert System | | | | Technical Cyber Security Alert TA08-162C | | | | Apple Quicktime Updates for Multiple Vulnerabilities | | | | Original release date: June 10, 2008 | | Last revised: -- | | Source: US-CERT | | | | Systems Affected | | | | * Apple Mac OS X running versions of QuickTime prior to 7.5 | | * Microsoft Windows running versions of QuickTime prior to 7.5 | | | | Overview | | | | Apple QuickTime contains multiple vulnerabilities as described in the | | Apple | | Knowledgebase article HT1991. Exploitation of these vulnerabilities could | | allow a remote attacker to execute arbitrary code or cause a | | denial-of-service condition. | | | | I. Description | | | | Apple QuickTime prior to version 7.5 has multiple image and media file | | handling vulnerabilities. An attacker could exploit these vulnerabilities | | by | | convincing a user to access a specially crafted image or media file that | | could be hosted on a web page. Apple QuickTime 7.5 addresses these | | vulnerabilities. | | | | Note that Apple iTunes for Windows installs QuickTime, so any system with | | iTunes may be vulnerable. | | | | II. Impact | | | | These vulnerabilities could allow a remote, unauthenticated attacker to | | execute arbitrary code or cause a denial-of-service condition. For | | further | | information, please see Apple knowledgebase article HT1991 about the | | security content of QuickTime 7.5 | | | | III. Solution | | | | Upgrade QuickTime | | | | Upgrade to QuickTime 7.5. This and other updates for Mac OS X are | | available | | via Apple Update. | | | | Secure your web browser | | | | To help mitigate these and other vulnerabilities that can be exploited | | via a | | web browser, refer to Securing Your Web Browser. | | | | IV. References | | | | * About the security content of the QuickTime 7.5 Update - | | http://support.apple.com/kb/HT1991 | | | | * How to tell if Software Update for Windows is working correctly when | | no | | updates are available - | | http://docs.info.apple.com/article.html?artnum=304263 | | | | * Apple - QuickTime - Download - | | http://www.apple.com/quicktime/download/ | | | | * Mac OS X: Updating your software - | | http://docs.info.apple.com/article.html?artnum=106704 | | | | * Securing Your Web Browser - | | http://www.us-cert.gov/reading_room/securing_browser/ | | | | * US-CERT Vulnerability Notes for QuickTime 7.5 - | | | | http://www.kb.cert.org/vuls/byid?searchview&query=apple_quicktime_7.5 | | | | __________________________________________________ __________________ | | | | The most recent version of this document can be found at: | | | | http://www.us-cert.gov/cas/techalerts/TA08-162C.html | | __________________________________________________ __________________ | | | | Feedback can be directed to US-CERT Technical Staff. Please send | | email to with "TA08-162C Feedback VU#132419" in the | | subject. | | __________________________________________________ __________________ | | | | For instructions on subscribing to or unsubscribing from this | | mailing list, visit http://www.us-cert.gov/cas/signup.html. | | __________________________________________________ __________________ | | | | Produced 2008 by US-CERT, a government organization. | | | | Terms of use: | | | | http://www.us-cert.gov/legal.html | | __________________________________________________ __________________ | | | | Revision History | | | | June 10, 2008: Initial release | | -----BEGIN PGP SIGNATURE----- | | Version: GnuPG v1.4.5 (GNU/Linux) | | | | iQEVAwUBSE7bhHIHljM+H4irAQKGtQf/bW1M/gN6V35MDqIGFK3PbaIXBqnhtFws | | xPl6zNdWmYVCHid6u0aZ+UYE+AESK3Qw3DdiwLRr3X9R4hoGmR UGiedv4h0owQTb | | Rij3K5simf2vbNBsVopFNeVnokOowkcRYUk/n0QnGn5FUnwDeKutrMwXQ94As/Y3 | | 8z/VsKpwqjScHgedT6Hv67f8E6kSma4BBcK2NlRC9VMTWN2oUD7MD I/BSp5kcqaM | | TJfBJzqsWUywWRP3Bi8PYOLYbmC5Qj7nirl0lzCjJdNiS/GKUnT4LezHTlVhVOv5 | | FTnkO25morpDQph2+oBi6o+lCOBu6G6RtfQ7u15CGDCeZyme2B 79eg== | | =e01A | | -----END PGP SIGNATURE----- | | | | And Apple hasn'r supported QuickTime on Win9x/ME for quite a while. | | The *only* solution is to REMOVE QuickTime! | | -- | Dave | http://www.claymania.com/removal-trojan-adware.html | Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp | | |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
US CERT - another QuickTime vulnerability warning - other APPLE | MEB[_2_] | General | 2 | April 6th 08 04:41 PM |
CERT Alert - SUN JAVA - JRE 5 and 6 | MEB[_2_] | General | 1 | March 7th 08 12:19 PM |
Office-VISTA firewall-Adobe Flash-other vulnerabilities - US-Cert-combined | MEB[_2_] | General | 14 | December 23rd 07 07:19 AM |
Security Alert network error message: "your current security settings prohibit | Tim | General | 0 | August 13th 04 08:38 PM |
[ALERT] Multiple Browsers Frame Injection Vulnerability | Steven Burn | Internet | 0 | July 6th 04 04:05 PM |