QuickTime Update

[A Nonny Moose]

There are three things this update delivers:

 

QuickTime

 

CVE-ID: CVE-2007-6166

 

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2

 

Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution

 

Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.

 

QuickTime

 

CVE-ID: CVE-2007-4706

 

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2

 

Impact: Viewing a maliciously crafted QTL file may lead to an unexpected application termination or arbitrary code execution

 

Description: A heap buffer overflow exists in QuickTime's handling of QTL files. By enticing a user to view a maliciously crafted QTL file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

 

QuickTime

 

CVE-ID: CVE-2007-4707

 

Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2

 

Impact: Multiple vulnerabilities in QuickTime's Flash media handler

 

Description: Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs for reporting this issue.

 

Now for the chorus of "will this work on such and such a Hack?"

[cmdshft]

This broke my hack install.

 

If you believe me, you're retarded.

[Numberzz]

I have to restart my computer. Not installing.

 

Plus I'm not stupid enough to open a file that could break my computer.

[Headrush69]

Worked fine on my EFI based machine.

[cmdshft]

I hope you saw my white text.

 

We're only worried about system updates. App updates don't break Hacks...

[Numberzz]

If you're talking to me...

1. I have a real mac, so don't need to worry.

2. I don't want to restart my computer, let alone my server.

[macgirl]

I hope you saw my white text.

 

We're only worried about system updates. App updates don't break Hacks...

Yeah, Apps updates but QT sometimes replaces some system files so, there is always an exception.

[xtraa]

Yup, QT is not only an app, it comes with many system files, like for graphics.

 

For example, after applying this update, my iTunes doesn't work anymore.

[Soündless]

this actually did {censored} over my system. the restart didnt take effect, so i shut it down and when i turned it back on it took me to the setup assistant

[The Baron]

Worked perfectly here - I always dl the file from Apple anyway and use that, saves me having to dl over & over.

[caracols]

Worked fine here.