Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Apple releases QuickTime 7.4 with security fixes - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Apple releases QuickTime 7.4 with security fixes

Apple has just released QuickTime 7.4 which fixes several security vulnerabilities:

  • CVE-2008-0031: A maliciously crafted Sorensen 3 movie file may lead to arbitrary code execution;
  • CVE-2008-0032: A maliciously crafted movie file may lead to arbitrary code execution during the handling of Macintosh resource records;
  • CVE-2008-0033: A maliciously crafted movie file may lead to arbitrary code execution during parsing of Image Descriptor atoms;
  • CVE-2008-0036: A maliciously crafted PICT image may lead to arbitrary code execution;

Note that this update does not yet appear to resolve the critical vulnerability reported last week by Luigi Auriemma (VU #112179).

Maarten

158 Posts

Sign Up for Free or Log In to start participating in the conversation!