-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

	   National Cyber Alert System
    Technical Cyber Security Alert TA07-310A


Apple QuickTime Updates for Multiple Vulnerabilities

   Original release date: November 06, 2007
   Last revised: --
   Source: US-CERT

Systems Affected

   Vulnerabilities in Apple QuickTime affect
     * Apple Mac OS X
     * Microsoft Windows

Overview

   Apple QuickTime contains multiple vulnerabilities. Exploitation of
   these vulnerabilities could allow a remote attacker to execute
   arbitrary code or cause a denial-of-service condition.

I. Description

   Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
   different types of image and media files are handled. An attacker
   could exploit these vulnerabilities by convincing a user to access a
   specially crafted image or media file that could be hosted on a web
   page.

   Note that Apple iTunes installs QuickTime, so any system with iTunes
   is vulnerable.

II. Impact

   These vulnerabilities could allow a remote, unauthenticated attacker
   to execute arbitrary code or commands and cause a denial-of-service
   condition. For further information, please see About the security
   content of QuickTime 7.3.

III. Solution

Upgrade QuickTime

   Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
   available via Apple Update.

Secure your web browser

   To help mitigate these and other vulnerabilities that can be exploited
   via a web browser, refer to Securing Your Web Browser.

References

 * About the security content of the QuickTime 7.3 Update -
   <http://docs.info.apple.com/article.html?artnum=306896>
     
 * How to tell if Software Update for Windows is working correctly when no updates are available -
   <http://docs.info.apple.com/article.html?artnum=304263>
     
 * Apple QuickTime Download - <http://www.apple.com/quicktime/download/>
     
 * Mac OS X: Updating your software -
   <http://docs.info.apple.com/article.html?artnum=106704>
     
 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>
    
 _________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
 _________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
   subject.
 _________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 _________________________________________________________________

Revision History

   November 6, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRzD0F/RFkHkM87XOAQLSVwf+LsCvcentaE5ATCISYhYd31ionkGNS9cn
LeBC+yCyR330ztfQ9iBphoxxp+fYKpa/RRfnFHqJlv80HYYOiJvnunCdOY5IAbo5
ZyS2vou/ArW5WzJqk9Yq+31hClKQOIoLf/+NcUc7iKkfSBUC8/RsspascX31a1U+
dMF217Q/i9imjMhHr+PXZagRT1naUo8ygeDZ+94Vq+3XUB6qZb6rux8vFdVX3nEY
yvg02JJTVpHy14Nk0KXfXwEq2Hc9uNTa/KwKknJMVqzev4eCAn+/wb424JxoKhqG
lthnzMr/US4Q0NLKpFStcNyETEiKgM9RuZ4v6OWc+nJKVe+QwrDYhQ==
=9WUY
-----END PGP SIGNATURE-----