Apple QuickTime Updates for Multiple Vulnerabilities
National Cyber Alert System
Technical Cyber Security Alert TA09-022A
Apple QuickTime Updates for Multiple Vulnerabilities
Original release date: January 22, 2009
Source: US-CERT
Systems Affected
Apple QuickTime 7.5 for Windows and Mac OS X
Overview
Apple has released QuickTime 7.6 to correct multiple vulnerabilities affecting QuickTime for Mac OS X and Windows. Attackers may be able to exploit these vulnerabilities to execute arbitrary code or cause a denial of service.
I. Description
Apple QuickTime 7.6 addresses a number of vulnerabilities affecting QuickTime. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted media or movie file. This file could be hosted on a web page or sent via email.
II. Impact
The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution and denial of service.
III. Solution
Upgrade to QuickTime 7.6. This and other updates are available via Software Update or via Apple Downloads.