
US-CERT Cyber Security Alert SA07-024A -- Apple QuickTime Update for RTS

Subject: US-CERT Cyber Security Alert SA07-024A -- Apple QuickTime Update for RTSP Vulnerability
Date: Wed, 24 Jan 2007 17:47:41 -0500



                     National Cyber Alert System

                   Cyber Security Alert SA07-024A


Apple QuickTime Update for RTSP Vulnerability

   Original release date: January 24, 2007
   Last revised: --
   Source: US-CERT


Systems Affected

   Apple QuickTime on computers running

     * Apple Mac OS X
     * Microsoft Windows

   Note that Apple iTunes and other software using the vulnerable
   QuickTime components are also affected.


Overview

     A vulnerability exists in Apple QuickTime that could allow an
     attacker to gain control of your computer. Apple has released
     Security Update 2007-001 to address this vulnerability.

Solution

Install an update

     Apple Mac OS X users should install Apple Security Update
     2007-001 through Software Update.

     Microsoft Windows users of QuickTime 7.1.3 should install Apple
     Security Update 2007-001 through Apple Software Update. Users of
     previous versions of QuickTime should upgrade to QuickTime 7.1.3
     and then install Apple Software Update. You can find Apple
     Software Update in the Start menu under All Programs. If you
     cannot find Apple Software Update, then re-install QuickTime
     7.1.3.

     Refer to Apple Security Update 2007-001 for more information.


Description

     A vulnerability in Apple QuickTime 7.1.3, and possibly in earlier
     versions, allows an attacker to run malicious software on your
     computer when you open a QuickTime file. This malicious software
     could also be embedded in a web page, and could execute, without
     your knowledge, when you visit a malicious web page or open an
     HTML document. For information on protecting against these types
     of attacks consult Securing Your Web Browser.

     For more technical information, see US-CERT Technical Alert
     TA07-005A.


References

     * US-CERT Vulnerability Note VU#442497 -
       <http://www.kb.cert.org/vuls/id/442497>

     * US-CERT Technical Cyber Security Alert TA07-005A -
       <http://www.us-cert.gov/cas/techalerts/TA07-005A.html>

     * Securing Your Web Browser -
       <http://www.us-cert.gov/reading_room/securing_browser/>

     * About Security Update 2007-001 -
       <http://docs.info.apple.com/article.html?artnum=304989>

     * Mac OS X: Updating your software -
       <http://docs.info.apple.com/article.html?artnum=106704>

     * How to repair Software Update for Windows -
       <http://docs.info.apple.com/article.html?artnum=304264>

     * Apple - QuickTime - Download -
       <http://www.apple.com/quicktime/download/win.html>

     * CVE-2007-0015 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0015>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA07-024A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT. Please send email to
   <cert@cert.org> with "SA07-024A Feedback VU#442497" in the subject.
 ____________________________________________________________________

   Mailing list information:

     <http://www.us-cert.gov/cas/>
 ____________________________________________________________________

   Produced 2007 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   January 24, 2007: Initial release

