APPLE-SA-2007-05-01 QuickTime 7.1.6
APPLE-SA-2007-05-01 QuickTime 7.1.6
- Subject: APPLE-SA-2007-05-01 QuickTime 7.1.6
- From: Apple Product Security <email@hidden>
- Date: Tue, 1 May 2007 13:11:37 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2007-05-01 QuickTime 7.1.6
QuickTime 7.1.6 is now available. Along with functionality
improvements (see release notes), it also addresses the
following security issue:
QuickTime
CVE-ID: CVE-2007-2175
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9, Windows XP SP2,
Windows 2000 SP4
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: An implementation issue exists in QuickTime for Java,
which may allow reading or writing out of the bounds of the allocated
heap. By enticing a user to visit a web page containing a
maliciously-crafted Java applet, an attacker can trigger the issue
which may lead to arbitrary code execution. This update addresses the
issue by performing additional bounds checking when creating
QTPointerRef objects. Credit to Dino Dai Zovi working with
TippingPoint and the Zero Day Initiative for reporting this issue.
QuickTime 7.1.6 may be obtained from the Software Update
application, or from the Download area in the QuickTime site
http://www.apple.com/quicktime/download/
For Mac OS X v10.4.9 and Mac OS X v10.3.9
The download file is named: "QuickTime716.dmg"
Its SHA-1 digest is: 275327dadcb28b704eb2ed40db3ee300103cea6f
QuickTime 7.1.6 for Windows XP/2000
The download file is named: "QuickTimeInstaller.exe"
Its SHA-1 digest is: 2ebfbab44f7ee26ce15f88373d5f843ef2232ed4
QuickTime 7.1.6 with iTunes for Windows XP/2000
The download file is named: "iTunesSetup.exe"
Its SHA-1 digest is: 528be70403b1675597e8563bafe2f9f728eda6dd
Information will also be posted to the Apple Product Security
web site: http://docs.info.apple.com/article.html?artnum=61798
This message is signed with Apple's Product Security PGP key,
and details are available at:
http://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
iQEVAwUBRjd8SImzP5/bU5rtAQjwcwf/cS2ooYOgvphfAPMnkoeFqELnKHg81bFd
hRbWCAtIoKA8wK6r4ipCihYtwjJLB/5rmr8mwAicXh7zI5FcAWt1oO7WJo63FAbY
e2DViNNwclBZZwS1l/ZBmDETJ9NDJopTIDOZzURjXJIFexXmFqYHIEaznKW93tCQ
G8NhGZQfA87HU1swx2JQOftu+HkyLGbxrnkW76GGiM7E8A5gkk0a4zp/OIPhafGZ
633LfJ0Fkyo2sWVdAW+y0shB2Lj5hNEdz8II+r+dOQZ0pr03kwjhHD32Pe60HLb+
H7Y6p78goiFgXvcpaqjgzCPyNcWhiR2Blp2afo1hV7QLwMH1I/SxZQ==
=9v9q
-----END PGP SIGNATURE-----
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Security-announce mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden