The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

SANS – Internet Storm Center – Quicktime patches for Mac and Windows

Handler’s Diary
January 10th 2006

Quicktime patches for Mac and Windows
(NEW)
Published: 2006-01-10,
Last Updated: 2006-01-10 20:55:19 UTC by Kyle
Haugsness (Version: 1)
Is Apple hiding behind Microsoft’s advisories? Seems
like Apple has been conveniently releasing security advisories on the same day
as Microsoft’s. Conspiracy theory? You be the judge.

Anyway, Apple
released a security update to Quicktime. http://docs.info.apple.com/article.html?artnum=303101
There
are multiple vulnerabilities patched. To summarize the advisory: A
maliciously-crafted GIF/TIFF/TGA/QTIF image or multimedia file may result in
arbitrary code execution. Well that pretty much covers the whole web browsing
thing.

Given the week we’ve had, I suppose that everyone should go back
to using netcat for surfing the web.

Update (from Scott):

For
those using Quicktime on Windows, a quick note about the versions of Quicktime
available to download at http://www.apple.com/quicktime/ .  As of  5:30 UTC that
the default installer you download includes iTunes.  The version of Quicktime
included is 7.0.3 which is vulnerable per the advisory above. However, if you
download the standalone installer located at http://www.apple.com/quicktime/download/standalone.html
, then you get the updated version of Quicktime 7.0.4.

Additionally, if
you try to update the software using the “Update existing software…” item
under the Help menu, then you receive a message about not being able to make an
Internet connection to the software server. I receive the same message if I use
the update message under the Quicktime settings window. Not sure if this is an
odd configuration problem on my end, or if their update server is having
problems.

SANS – Internet Storm Center –
Cooperative Cyber Threat Monitor And Alert System
.

Advertisements

January 14, 2006 - Posted by | Security News

No comments yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: