Original release date: January 22, 2009
Last revised: --
Source: US-CERT

Systems Affected

• Apple QuickTime 7.5 for Windows and Mac OS X

Overview

Apple has released QuickTime 7.6 to correct multiple vulnerabilities affecting QuickTime for Mac OS X and Windows. Attackers may be able to exploit these vulnerabilities to execute arbitrary code or cause a denial of service.

I. Description

Apple QuickTime 7.6 addresses a number of vulnerabilities affecting QuickTime. An attacker could exploit these vulnerabilities by convincing a user to access a specially crafted media or movie file. This file could be hosted on a web page or sent via email.

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include arbitrary code execution and denial of service.

III. Solution

Upgrade to QuickTime 7.6. This and other updates are available via Software Update or via Apple Downloads.

IV. References

• About the security content of QuickTime 7.6 - <http://support.apple.com/kb/HT3403>
• Apple Support Downloads - <http://support.apple.com/downloads/>
• Mac OS X - updating your software - <http://support.apple.com/kb/HT1338?viewlocale=en_US>
• Securing Your Web Browser - <https://www.us-cert.gov/reading_room/securing_browser/>

Feedback can be directed to US-CERT.

Produced 2009 by US-CERT, a government organization. Terms of use

January 22, 2009: Initial release