December 8, 2022
QuickTime 7.3.1 Security Update

QuickTime 7.3.1 Security Update

Posted December 14, 2007 at 9:01am by iClarified · 3331 views
Apple has released a Quicktime update for Leopard, Tiger, Panther, and Windows. The update fixes a dangerous security flaw in the program.

QuickTime 7.3.1

QuickTime
● CVE-ID: CVE-2007-6166
● Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
● Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution
● Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data.

QuickTime
● CVE-ID: CVE-2007-4706
● Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
● Impact: Viewing a maliciously crafted QTL file may lead to an unexpected application termination or arbitrary code execution
● Description: A heap buffer overflow exists in QuickTime's handling of QTL files. By enticing a user to view a maliciously crafted QTL file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking.

QuickTime
● CVE-ID: CVE-2007-4707
● Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2
● Impact: Multiple vulnerabilities in QuickTime's Flash media handler
● Description: Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs for reporting this issue.


QuickTime 7.3.1 Security Update
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments
You must login or register to add a comment...
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
How to Create a Bootable macOS Ventura USB Installer [Video]
How to Fix 'No Matching Host Key Type Found' on Mac
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS