Apple have released QuickTime 7.3.1. This version fixes a number of vulnerabilities, one of which is the RTSP vulnerability that has been in the wild for a few weeks. Viewing specially crafted files could allow an attacker to execute arbitrary code on an affected computer.
The fixed vulnerabilities are CVE-2007-6166, CVE-2007-4706 and CVE-2007-4707.
With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. [2]
Mac users can update via Apple Software Update. Currently Apple Software Update (Windows) is reporting v7.3 to be the latest version, so you will need to grab the download or wait for ASU to wake up.
PATCH NOW!
[1] ESB-2007.1011 — [Win][OSX] — APPLE-SA-2007-12-13 QuickTime 7.3.1 (2007-DEC-14) [AUSCERT]
[2] About the security content of QuickTime 7.3.1 (2007-DEC-13) [Apple]
[3] Quicktime 7.3.1 fixes RTSP vulnerability (2007-DEC-13) [The Unofficial Apple Weblog (TUAW)]
[4] QuickTime 7.3.1 released addresses RTSP vulnerability (2007-DEC-14) [SANS]









