[MacDV] Quicktime Security Issue
Debra Platt
debraplatt at adelphia.net
Fri Jun 3 06:30:05 PDT 2005
- Security update for QuickTime 7.0 -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, June 3, 2005 - A vulnerability has been detected in Apple's
multimedia player QuickTime 7.0, which could allow an attacker to
obtain personal user data from affected systems. All users of QuickTime
7.0 for Mac OS-X are advised to update to QuickTime 7.0.1.
The flaw lies in the possibility to encrust a malicious Quartz Composer
object in a QuickTime movie. If a user views the movie with an affected
version of QuickTime, the object will be able to read local system data
and send it to a remote web location, where an attacker can retrieve
it.
QuickTime 7.0.1 for Mac OS-X 10.3.9 and later correct this
vulnerability and can be downloaded from
http://www.apple.com/support/downloads/quicktime701.html
The original security advisory released by Apple is available at:
http://docs.info.apple.com/article.html?artnum=301714
NOTE: The address above may not show up on your screen as a single
line. This would prevent you from using the link to access the web
page. If this happens, just use the 'cut' and 'paste' options to join
the pieces of the URL.
------------------------------------------------------------
The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner:
1)Qhost.gen; 2)Netsky.P; 3)Mhtredir.gen; 4)Sdbot.ftp; 5)Mitglieder.DC.
------------------------------------------------------------
To unsubscribe from Oxygen3 24h-365d, please visit:
http://www.pandasoftware.com/unsubscribe.asp
To contact with Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------
More information about the MacDV
mailing list