site_archiver@lists.apple.com Delivered-To: security-announce@lists.apple.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2007-07-11 QuickTime 7.2 QuickTime 7.2 is now available. Along with functionality improvements (see release notes), it also provides fixes for the following security issues: QuickTime CVE-ID: CVE-2007-2295 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted H.264 movie may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in QuickTime's handling of H.264 movies. By enticing a user to access a maliciously crafted H.264 movie, an attacker can trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of QuickTime H.264 movies. Credit to Tom Ferris of Security-Protocols.com, and Matt Slot of Ambrosia Software, Inc. for reporting this issue. QuickTime CVE-ID: CVE-2007-2392 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in QuickTime's handling of movie files. By enticing a user to access a maliciously crafted movie file, an attacker can trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files. Credit to Jonathan 'Wolf' Rentzsch of Red Shed Software for reporting this issue. QuickTime CVE-ID: CVE-2007-2296 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted .m4v file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow vulnerability exists in QuickTime's handling of .m4v files. By enticing a user to access a maliciously crafted .m4v file, an attacker can trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of .m4v files. Credit to Tom Ferris of Security-Protocols.com for reporting this issue. QuickTime CVE-ID: CVE-2007-2394 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted SMIL file may lead to an unexpected application termination or arbitrary code execution Description: An integer overflow vulnerability exists in QuickTime's handling of SMIL files. By enticing a user to access a maliciously crafted SMIL file, an attacker can trigger the issue which may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of SMIL files. Credit to David Vaartjes of ITsec Security Services, working with the iDefense VCP, for reporting this issue. QuickTime CVE-ID: CVE-2007-2397 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Visiting a malicious website may lead to arbitrary code execution Description: A design issue exists in QuickTime for Java, which may allow security checks to be disabled. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing a more accurate permissions check. Credit to Adam Gowdiak for reporting this issue. QuickTime CVE-ID: CVE-2007-2393 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Visiting a malicious website may lead to arbitrary code execution Description: A design issue exists in QuickTime for Java. This may allow Java applets to bypass security checks in order to read and write process memory. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by performing additional validation of Java applets. Credit to Adam Gowdiak for reporting this issue. QuickTime CVE-ID: CVE-2007-2396 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Visiting a malicious website may lead to arbitrary code execution Description: A design issue exists in QuickTime for Java. JDirect exposes interfaces that may allow loading arbitrary libraries and freeing arbitrary memory. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to arbitrary code execution. This update addresses the issue by removing support for JDirect from QuickTime for Java. Credit to Adam Gowdiak for reporting this issue. QuickTime CVE-ID: CVE-2007-2402 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Windows Vista, XP SP2 Impact: Visiting a malicious website may lead to the disclosure of sensitive information Description: A design issue exists in QuickTime for Java, which may allow a malicious website to capture a client's screen content. By enticing a user to visit a web page containing a maliciously crafted Java applet, an attacker can trigger the issue which may lead to the disclosure of sensitive information. This update addresses the issue by performing a more accurate access control check. QuickTime 7.2 may be obtained from the Software Update application, or from the Apple Downloads site: http://www.apple.com/support/downloads/ For Mac OS X v10.3.9 or later The download file is named: "QuickTime720.dmg" Its SHA-1 digest is: 391f359c8243b673bbd32c77a23416f5b0ebfd46 QuickTime 7.2 for Windows Vista/XP/2000 The download file is named: "QuickTimeInstaller.exe" Its SHA-1 digest is: bb89981f10cf21de57b9453e53cf81b9194271a9 QuickTime 7.2 with iTunes for Windows Vista/XP/2000 The download file is named: "iTunesSetup.exe" Its SHA-1 digest is: 77144b39b768143cb4882b7b6f463724f87fcbd8 Information will also be posted to the Apple Product Security web site: http://docs.info.apple.com/article.html?artnum=61798 This message is signed with Apple's Product Security PGP key, and details are available at: http://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.6 (Build 6060) iQEVAwUBRpVR18gAoqu4Rp5tAQgIlgf/Q3e6/ofKXEntL8FpwIX4xVnG5sK5yT/o GsBItIy2Tunltag0/b/quAga96wamSNJctRuhrVL1n3GTjPVTIcNKNqqsanT1MxS El4Bfil6sQLk8TBdwhZma56BT3w0exPDzHqG8uLyGN41uc7CVjcabYlkMB6ISOul dZWlW0svnttP0k6v7/fpK37upYZWVb2G6BTVHgQ61jjzbRUGafbATue6rsHPvHuU ZgCtmn/SDR+uCahxUna/SGR/8G+BF1ftvAjqv1Ty2jRcHuuKaA53eInwbctd3TF0 sqpwvl8v/U90cub1fGtrHfKO1PDAAnSl6v56fuVgnEzeszT9tXUxRA== =WdMi -----END PGP SIGNATURE----- _______________________________________________ Do not post admin requests to the list. They will be ignored. Security-announce mailing list (Security-announce@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/security-announce/site_archiver%40lis... This email sent to site_archiver@lists.apple.com