-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                        National Cyber Alert System

	        Technical Cyber Security Alert TA08-016A


Apple QuickTime Updates for Multiple Vulnerabilities

   Original release date: January 16, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Apple Mac OS X running versions of QuickTime prior to 7.4
     * Microsoft Windows running versions of QuickTime prior to 7.4

Overview

   Apple QuickTime contains multiple vulnerabilities. Exploitation of
   these vulnerabilities could allow a remote attacker to execute
   arbitrary code or cause a denial-of-service condition.


I. Description

   Apple QuickTime 7.4 resolves multiple vulnerabilities in the way
   different types of image and media files are handled. An attacker
   could exploit these vulnerabilities by convincing a user to access a
   specially crafted image or media file that could be hosted on a web
   page.

   Note that Apple iTunes installs QuickTime, so any system with iTunes
   is vulnerable.


II. Impact

   These vulnerabilities could allow a remote, unauthenticated attacker
   to execute arbitrary code or cause a denial-of-service condition. For
   further information, please see About the security content of
   QuickTime 7.4.


III. Solution

Upgrade QuickTime

   Upgrade to QuickTime 7.4. This and other updates for Mac OS X are
   available via Apple Update.

Secure your web browser

   To help mitigate these and other vulnerabilities that can be exploited
   via a web browser, refer to Securing Your Web Browser.


References

    * About the security content of the QuickTime 7.4 Update -
      <http://docs.info.apple.com/article.html?artnum=307301>
   
    * How to tell if Software Update for Windows is working correctly
      when no updates are available -
      <http://docs.info.apple.com/article.html?artnum=304263>
     
    * Apple - QuickTime - Download -
      <http://www.apple.com/quicktime/download/>
     
    * Mac OS X: Updating your software -
      <http://docs.info.apple.com/article.html?artnum=106704>
     
    * Securing Your Web Browser -
      <http://www.us-cert.gov/reading_room/securing_browser/>
     
 _________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA08-016A.html>
 _________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA08-016A Feedback VU#818697" in the
   subject.
 _________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 _________________________________________________________________

 
Revision History

   January 16, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR45mevRFkHkM87XOAQLP6AgAj7J4sy83ZWEKfcDb2brgHptxAwqvArkZ
HzV+5lGg1A86V4/MARlxXctWv5JH3e2knx5ZoMUN8napP9VEag2Ra68Zdh9lKu1S
nfCRRwcIj38iakuv7xKrNt1AJHj3rHguzCjvWu8gHEJtlb15zqVr97Ci9LuNdLP3
W4hdsIxuzYQl7Ou5+j0Z9bhH1WWZRjmabsop+b0ApxeZI2F6mJn0rscRvxPQYBls
ims6CP7YseK4+ElJHAMEJfW/6gPhwyedjgesd0jssYvhtYdufn4OCZvwL+p9QSlQ
+E+UKcws4BHlEpg0dQhA13REQxwqqMgSWdm3NU8hbGdEJAJGH0cYNQ==
=emKJ
-----END PGP SIGNATURE-----