-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

       National Cyber Alert System
   
  Technical Cyber Security Alert TA08-094A


Apple Updates for Multiple Vulnerabilities

   Original release date: April 3, 2008
   Last revised: --
   Source: US-CERT

Systems Affected

     * Apple Mac OS X running versions of QuickTime prior to 7.4.5
     * Microsoft Windows running versions of QuickTime prior to 7.4.5

Overview

   Apple  QuickTime contains multiple vulnerabilities as described in the
   Apple    Knowledgebase   article   HT1241.   Exploitation   of   these
   vulnerabilities  could  allow  a  remote attacker to execute arbitrary
   code or cause a denial-of-service condition.

I. Description

   Apple  QuickTime  7.4.5  vulnerabilities in the way different types of
   image  and  media  files  are handled. An attacker could exploit these
   vulnerabilities  by  convincing  a  user to access a specially crafted
   image or media file that could be hosted on a web page.

   Note  that  Apple iTunes installs QuickTime, so any system with iTunes
   may be vulnerable.

II. Impact

   These  vulnerabilities  could allow a remote, unauthenticated attacker
   to  execute arbitrary code or cause a denial-of-service condition. For
   further  information,  please  see  Apple knowledgebase article HT1241
   about the security content of QuickTime 7.4.5

III. Solution

Upgrade QuickTime

   Upgrade  to  QuickTime  7.4.5. This and other updates for Mac OS X are
   available via Apple Update.

Secure your web browser

   To help mitigate these and other vulnerabilities that can be exploited
   via a web browser, refer to Securing Your Web Browser.

References

 * About the security content of the QuickTime 7.4.5 Update -
   <http://support.apple.com/kb/HT1241>
     
 * How to tell if Software Update for Windows is working correctly
   when no updates are available -
   <http://docs.info.apple.com/article.html?artnum=304263>
     
 * Apple - QuickTime - Download -
   <http://www.apple.com/quicktime/download/>
     
 * Mac OS X: Updating your software -
   <http://docs.info.apple.com/article.html?artnum=106704>
     
 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>
  

 _________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA08-094A.html>
 _________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA08-094A Feedback VU#931547" in the
  subject.
 _________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 _________________________________________________________________

  Produced 2008 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

   Revision History

   April 3, 2008: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBR/UvJvRFkHkM87XOAQIyFAf/RbzzemNIgWIg5js5px9a+1gdaGHxvu/5
SMLzPniRUcOHyKha655bTQSzmZ4bT/j2x24u8NYbZyiWcYphzFmrNTjHCEMs++QP
iTRymTYMC1CthV7J2uFpvNGa9UrIcVmeSJjWJcVw7xdOi2JrcD3pHU62bN0aFNsX
Qtm7w1SlYP0+1y7YzMNP1ZsbCsKBmRfs45x4U8AivZJ6Bewh5uUc0Ic8PGSeLSsA
HUXUQW/ddJREf1TBqgTlDchPHH4s9W4DbjGEdApsIYQJUWOjvZBSeGNzOz4eRpT+
WwDoxQDkBYn7T/ooofDh49L30s5dL4PTvnrb6Btnxr5M0wxduAKOrA==
=cONM
-----END PGP SIGNATURE-----