[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

APPLE-SA-2007-05-01 QuickTime 7.1.6

Subject: APPLE-SA-2007-05-01 QuickTime 7.1.6
From: Apple Product Security <email@hidden>
Date: Tue, 1 May 2007 13:11:37 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2007-05-01 QuickTime 7.1.6

QuickTime 7.1.6 is now available. Along with functionality
improvements (see release notes), it also addresses the
following security issue:

QuickTime
CVE-ID: CVE-2007-2175
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9, Windows XP SP2,
Windows 2000 SP4
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An implementation issue exists in QuickTime for Java,
which may allow reading or writing out of the bounds of the allocated
heap. By enticing a user to visit a web page containing a
maliciously-crafted Java applet, an attacker can trigger the issue
which may lead to arbitrary code execution. This update addresses the
issue by performing additional bounds checking when creating
QTPointerRef objects. Credit to Dino Dai Zovi working with
TippingPoint and the Zero Day Initiative for reporting this issue.

QuickTime 7.1.6 may be obtained from the Software Update
application, or from the Download area in the QuickTime site
http://www.apple.com/quicktime/download/

For Mac OS X v10.4.9 and Mac OS X v10.3.9
The download file is named:  "QuickTime716.dmg"
Its SHA-1 digest is:  275327dadcb28b704eb2ed40db3ee300103cea6f

QuickTime 7.1.6 for Windows XP/2000
The download file is named:  "QuickTimeInstaller.exe"
Its SHA-1 digest is:  2ebfbab44f7ee26ce15f88373d5f843ef2232ed4

QuickTime 7.1.6 with iTunes for Windows XP/2000
The download file is named:  "iTunesSetup.exe"
Its SHA-1 digest is:  528be70403b1675597e8563bafe2f9f728eda6dd

Information will also be posted to the Apple Product Security
web site:  http://docs.info.apple.com/article.html?artnum=61798

This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRjd8SImzP5/bU5rtAQjwcwf/cS2ooYOgvphfAPMnkoeFqELnKHg81bFd
hRbWCAtIoKA8wK6r4ipCihYtwjJLB/5rmr8mwAicXh7zI5FcAWt1oO7WJo63FAbY
e2DViNNwclBZZwS1l/ZBmDETJ9NDJopTIDOZzURjXJIFexXmFqYHIEaznKW93tCQ
G8NhGZQfA87HU1swx2JQOftu+HkyLGbxrnkW76GGiM7E8A5gkk0a4zp/OIPhafGZ
633LfJ0Fkyo2sWVdAW+y0shB2Lj5hNEdz8II+r+dOQZ0pr03kwjhHD32Pe60HLb+
H7Y6p78goiFgXvcpaqjgzCPyNcWhiR2Blp2afo1hV7QLwMH1I/SxZQ==
=9v9q
-----END PGP SIGNATURE-----

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/security-announce/email@hidden

This email sent to email@hidden

Prev by Date: APPLE-SA-2007-05-01 Security Update 2007-004 v1.1
Next by Date: APPLE-SA-2007-05-10 Darwin Streaming Server 5.5.5
Previous by thread: APPLE-SA-2007-05-01 Security Update 2007-004 v1.1
Next by thread: APPLE-SA-2007-05-10 Darwin Streaming Server 5.5.5
Index(es):
- Date
- Thread

Home