pro·crasti·nation n.
APPLE-SA-2011-10-26-1 QuickTime 7.7.1
For: Windows 7, Vista, XP SP2 or later
Released: 26 Oct 2011
This patch addresses critical several issues affecting Quicktime running on Windows. Impacts include application termination or arbitrary code execution.
Evaluation:
Update now
LINKS:
[1] About the security content of QuickTime 7.7.1 HT5016 (2011-Oct-26) [Apple]
iTunes 9.0.0
Apple have released iTunes 9.0.0;
SAN FRANCISCO—September 9, 2009—Apple® today introduced iTunes® 9, the latest version of the world’s most popular software application to purchase, manage and play media, packed with innovative features such as iTunes LP, Home Sharing and Genius Mixes, as well as a redesigned store and improved syncing. iTunes 9 makes it easier than ever to discover, purchase and enjoy your music, movies, TV shows, and apps for iPhone™ and iPod touch® from Apple’s revolutionary App Store. Plus, Home Sharing now lets you easily transfer songs, movies and TV shows to other computers in your home. [1]
QuickTime 7.6.4
Fixed in QuickTime 7.6.4 [2]
QuickTime CVE-ID: CVE-2009-2202
QuickTime CVE-ID: CVE-2009-2203
QuickTime CVE-ID: CVE-2009-2798
QuickTime CVE-ID: CVE-2009-2799
Products Affected: [2]
QuickTime 7 (Windows), QuickTime 7 (OS X), Product Security
LINKS:
[1] Apple Premieres iTunes 9 (2009-Sep-09) [Apple]
[2] About the security content of QuickTime 7.6.4 (2009-Sep-09) [Apple]
[3] About QuickTime 7.6.4 (2009-Sep-09) [Apple]
CRP09-51, CRP09-52
iTunes 8.2 now supports iPhone or iPod touch with the iPhone 3.0 Software Update. iTunes 8.2 also includes many accessibility improvements and bug fixes.
This version fixes a number of vulnerabilities. Many of these vulnerabilities may result in application termination or arbitrary code execution
iTunes 8.2
CVE-ID: CVE-2009-0950
QuickTime 7.6.2
CVE-ID: CVE-2009-0188, CVE-ID: CVE-2009-0951, CVE-ID: CVE-2009-0952, CVE-ID: CVE-2009-0010, CVE-ID: CVE-2009-0953, CVE-ID: CVE-2009-0954, CVE-ID: CVE-2009-0185, CVE-ID: CVE-2009-0955, CVE-ID: CVE-2009-0956, CVE-ID: CVE-2009-0957
Apple have release QuickTime 7.6. This version fixes a number of issues. You can update via Apple Software Update or grab the download.
QuickTime 7.6 includes changes that increase reliability, improve compatibility and enhance security. This release is recommended for all QuickTime 7 users. [1]
At the moment (AU) Quicktime 7.6 is available via Software update on the Mac but is still MIA from Apple Software Update on Windows.
[1] About QuickTime 7.6 (2009-Jan-21) [Apple]
[2] About the security content of QuickTime 7.6 (2009-Jan-21) [Apple]
[2] About the security content of QuickTime MPEG-2 Playback Component (2009-Jan-21) [Apple]
Apple have release QuickTime 7.5. This version fixes a number of issues. You can update via Apple Software Update or grab the download.
What’s New in this Version
Improves application compatibility and addresses security issues.
Fixes for:
* CVE-2008-1581: PICT images can lead to an heap overflow and code execution
* CVE-2008-1582: AAC coded media can lead to code execution
* CVE-2008-1583: PICT images can lead to an heap overflow and code execution
* CVE-2008-1584: Indeo video codec can lead to a stack buffer overflow and code execution – note the fix: “This update addresses the issue by not rendering Indeo video codec content.”
* CVE-2008-1585: handling of file: URLs in QuickTime files could lead to an attacker controlled application launch and code execution – This update addresses the issue by revealing files in Finder or Windows Explorer rather than launching them [3].
[1] About QuickTime 7.5 [Apple]
[2] Upgrade to QuickTime 7.5 (2008-JUN-10) [SANS]
[3] About the security content of QuickTime 7.5 (2008-JUN-10) [Apple]
Adobe Reader 8.1.2
On 05 Feb 2008, Adobe released Adobe Reader 8.1.2. Unspecified security issues were addressed in this version.
On Feb. 6, Adobe made an update to Acrobat and Adobe Reader 8 available to update the products to version 8.1.2.
In addition to addressing bug fixes and providing support for Mac OS X Leopard (up through version 10.5.1), the update includes several important security fixes, among them a few of critical severity that could be remotely exploitable.
Adobe recommends users of Acrobat and Adobe Reader 8 install the 8.1.2 update to protect themselves from potential vulnerabilities.
QuickTime 7.4.1
On 06 Feb 2008, Apple released QuickTime 7.4.1. A vulnerability was discovered in QuickTime versions 7.4 and prior. Accessing a website with malicious content could result in arbitrary code execution on an affected computer.
Fixes CVE-ID: CVE-2008-0234 – A heap buffer overflow exists in QuickTime’s handling of HTTP responses when RTSP tunneling is enabled.
QuickTime 7.4.1 addresses security issues and improves compatibility with third-party applications.
This release is recommended for all QuickTime 7 users.
Firefox v2.0.0.12
We strongly recommend that all Firefox users upgrade to this latest release. If you already have Firefox 2.x, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu.
Flock v1.0.08
1.0.8 adds a couple of bug fixes and enhancements with regards to importing in general and from Netscape specifically.
QuickTime for Windows is now available. QuickTime 7.4 is an extremely important release which fixes numerous bugs and critical security issues as well as provides increased compatibility with the latest version of Internet Explorer. QuickTime 7.4 also includes a brand new video codec [H.264] which provides stunning quality at amazingly low data rates. This update is highly recommended for all QuickTimeusers. — QuicKTime Auto Update Message.
Apple have release QuickTime 7.4. This version fixes a number of issues – Fixed are: CVE-2008-0031, CVE-2008-0032, CVE-2008-0033 and CVE-2008-0036. You can update via Apple Software Update or grab the download.
[1] About QuickTime 7.4 [Apple]
[2] Apple releases QuickTime 7.4 with security fixes (2008-JAN-15) [SANS]
[3] About the security content of QuickTime 7.4 (2008-JAN-11) [Apple]
