US CERT - another QuickTime vulnerability warning - other APPLE

[Guest MEB]

NOTE: Win9X/ME users, your APPLE Quicktime is severly outdated.... look for

alternative codex offerings if you need support for the extensions.

The newer QuickTime players do NOT support 9X/ME/NT.

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

National Cyber Alert System

 

Technical Cyber Security Alert TA08-094A

 

 

Apple Updates for Multiple Vulnerabilities

 

Original release date: April 3, 2008

Last revised: --

Source: US-CERT

 

Systems Affected

 

* Apple Mac OS X running versions of QuickTime prior to 7.4.5

* Microsoft Windows running versions of QuickTime prior to 7.4.5

 

Overview

 

Apple QuickTime contains multiple vulnerabilities as described in the

Apple Knowledgebase article HT1241. Exploitation of these

vulnerabilities could allow a remote attacker to execute arbitrary

code or cause a denial-of-service condition.

 

I. Description

 

Apple QuickTime 7.4.5 vulnerabilities in the way different types of

image and media files are handled. An attacker could exploit these

vulnerabilities by convincing a user to access a specially crafted

image or media file that could be hosted on a web page.

 

Note that Apple iTunes installs QuickTime, so any system with iTunes

may be vulnerable.

 

II. Impact

 

These vulnerabilities could allow a remote, unauthenticated attacker

to execute arbitrary code or cause a denial-of-service condition. For

further information, please see Apple knowledgebase article HT1241

about the security content of QuickTime 7.4.5

 

III. Solution

 

Upgrade QuickTime

 

Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are

available via Apple Update.

 

Secure your web browser

 

To help mitigate these and other vulnerabilities that can be exploited

via a web browser, refer to Securing Your Web Browser.

 

References

 

* About the security content of the QuickTime 7.4.5 Update -

<http://support.apple.com/kb/HT1241>

 

* How to tell if Software Update for Windows is working correctly

when no updates are available -

<http://docs.info.apple.com/article.html?artnum=304263>

 

* Apple - QuickTime - Download -

<http://www.apple.com/quicktime/download/>

 

* Mac OS X: Updating your software -

<http://docs.info.apple.com/article.html?artnum=106704>

 

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/>

 

 

_________________________________________________________________

 

The most recent version of this document can be found at:

 

<http://www.us-cert.gov/cas/techalerts/TA08-094A.html>

_________________________________________________________________

 

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA08-094A Feedback VU#931547" in the

subject.

_________________________________________________________________

 

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

_________________________________________________________________

 

Produced 2008 by US-CERT, a government organization.

 

Terms of use:

 

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

 

April 3, 2008: Initial release

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.2.1 (GNU/Linux)

 

iQEVAwUBR/UvJvRFkHkM87XOAQIyFAf/RbzzemNIgWIg5js5px9a+1gdaGHxvu/5

SMLzPniRUcOHyKha655bTQSzmZ4bT/j2x24u8NYbZyiWcYphzFmrNTjHCEMs++QP

iTRymTYMC1CthV7J2uFpvNGa9UrIcVmeSJjWJcVw7xdOi2JrcD3pHU62bN0aFNsX

Qtm7w1SlYP0+1y7YzMNP1ZsbCsKBmRfs45x4U8AivZJ6Bewh5uUc0Ic8PGSeLSsA

HUXUQW/ddJREf1TBqgTlDchPHH4s9W4DbjGEdApsIYQJUWOjvZBSeGNzOz4eRpT+

WwDoxQDkBYn7T/ooofDh49L30s5dL4PTvnrb6Btnxr5M0wxduAKOrA==

=cONM

-----END PGP SIGNATURE-----

[Guest David H. Lipman]

Re: US CERT - another QuickTime vulnerability warning - other APPLE

 

From: "MEB" <meb@not here@hotmail.com>

 

| NOTE: Win9X/ME users, your APPLE Quicktime is severly outdated.... look for

| alternative codex offerings if you need support for the extensions.

| The newer QuickTime players do NOT support 9X/ME/NT.

|

| -----BEGIN PGP SIGNED MESSAGE-----

| Hash: SHA1

|

| National Cyber Alert System

|

| Technical Cyber Security Alert TA08-094A

|

| Apple Updates for Multiple Vulnerabilities

|

| Original release date: April 3, 2008

| Last revised: --

| Source: US-CERT

|

| Systems Affected

|

| * Apple Mac OS X running versions of QuickTime prior to 7.4.5

| * Microsoft Windows running versions of QuickTime prior to 7.4.5

|

| Overview

|

| Apple QuickTime contains multiple vulnerabilities as described in the

| Apple Knowledgebase article HT1241. Exploitation of these

| vulnerabilities could allow a remote attacker to execute arbitrary

| code or cause a denial-of-service condition.

|

| I. Description

|

| Apple QuickTime 7.4.5 vulnerabilities in the way different types of

| image and media files are handled. An attacker could exploit these

| vulnerabilities by convincing a user to access a specially crafted

| image or media file that could be hosted on a web page.

|

| Note that Apple iTunes installs QuickTime, so any system with iTunes

| may be vulnerable.

|

| II. Impact

|

| These vulnerabilities could allow a remote, unauthenticated attacker

| to execute arbitrary code or cause a denial-of-service condition. For

| further information, please see Apple knowledgebase article HT1241

| about the security content of QuickTime 7.4.5

|

| III. Solution

|

| Upgrade QuickTime

|

| Upgrade to QuickTime 7.4.5. This and other updates for Mac OS X are

| available via Apple Update.

|

 

< snip >

 

Vulnerabilities in QuickTime are actively being exploited.

 

Unfortunately, Win98 is no longer supported so the ONLY solution is the removal of

QuickTime.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest BoB]

Re: US CERT - another QuickTime vulnerability warning - other APPLE

 

On Fri, 4 Apr 2008 17:49:55 -0400, "David H. Lipman"

<DLipman~nospam~@Verizon.Net> wrote:

>From: "MEB" <meb@not here@hotmail.com>

>

>| NOTE: Win9X/ME users, your APPLE Quicktime is severly outdated.... look for

>| alternative codex offerings if you need support for the extensions.

>| The newer QuickTime players do NOT support 9X/ME/NT.

>| III. Solution

>|

>| Upgrade QuickTime

>

>< snip >

>

>Vulnerabilities in QuickTime are actively being exploited.

>

>Unfortunately, Win98 is no longer supported so the ONLY solution is the removal of

>QuickTime.

 

I just uninstalled Real Player and Quicktime and replaced them with

Real Alternative and Quicktime Lite. They both work fine in my XP sp2

as they did in my old Win98SE.

 

http://www.free-codecs.com/download/QuickTime_Alternative.htm

 

RealAlt

http://www.codecguide.com/

 

BoB