US-CERT Technical Cyber Security Alert TA07-310A -- Apple QuickTime Updates for Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System
Technical Cyber Security Alert TA07-310A

Apple QuickTime Updates for Multiple Vulnerabilities

Original release date: November 06, 2007
Last revised: --
Source: US-CERT

Systems Affected

Vulnerabilities in Apple QuickTime affect
* Apple Mac OS X
* Microsoft Windows

Overview

Apple QuickTime contains multiple vulnerabilities. Exploitation of
these vulnerabilities could allow a remote attacker to execute
arbitrary code or cause a denial-of-service condition.

I. Description

Apple QuickTime 7.3 resolves multiple vulnerabilities in the way
different types of image and media files are handled. An attacker
could exploit these vulnerabilities by convincing a user to access a
specially crafted image or media file that could be hosted on a web
page.

Note that Apple iTunes installs QuickTime, so any system with iTunes
is vulnerable.

II. Impact

These vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or commands and cause a denial-of-service
condition. For further information, please see About the security
content of QuickTime 7.3.

III. Solution

Upgrade QuickTime

Upgrade to QuickTime 7.3. This and other updates for Mac OS X are
available via Apple Update.

Secure your web browser

To help mitigate these and other vulnerabilities that can be exploited
via a web browser, refer to Securing Your Web Browser.

References

* About the security content of the QuickTime 7.3 Update -
<http://docs.info.apple.com/article.html?artnum=306896>

* How to tell if Software Update for Windows is working correctly when no updates are available -
<http://docs.info.apple.com/article.html?artnum=304263>

* Apple QuickTime Download - <http://www.apple.com/quicktime/download/>

* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>

* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>

_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA07-310A.html>
_________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA07-310A Feedback VU#208011" in the
subject.
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
_________________________________________________________________

Produced 2007 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

November 6, 2007: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRzD0F/RFkHkM87XOAQLSVwf+LsCvcentaE5ATCISYhYd31ionkGNS9cn
LeBC+yCyR330ztfQ9iBphoxxp+fYKpa/RRfnFHqJlv80HYYOiJvnunCdOY5IAbo5
ZyS2vou/ArW5WzJqk9Yq+31hClKQOIoLf/+NcUc7iKkfSBUC8/RsspascX31a1U+
dMF217Q/i9imjMhHr+PXZagRT1naUo8ygeDZ+94Vq+3XUB6qZb6rux8vFdVX3nEY
yvg02JJTVpHy14Nk0KXfXwEq2Hc9uNTa/KwKknJMVqzev4eCAn+/wb424JxoKhqG
lthnzMr/US4Q0NLKpFStcNyETEiKgM9RuZ4v6OWc+nJKVe+QwrDYhQ==
=9WUY
-----END PGP SIGNATURE-----

California Fire News

Inciweb: Santiago Wildland Fire - 28,400 acres - 90% contained Posted: 05 Nov 2007 03:57 PM CST Santiago Wildland Fire Incident Information Announcements News Photographs Maps INCIDENT UPDATED 2 HRS. AGO by Evelio Suarez Credit: USFS view pictures || view maps Summary The fire was active in unburned fuels overnight on the eastern portion of the fire but all containment lines are holding. Crews have been strategically placed along the fire's perimeter to address observed fire behavior. Smoke will likely be visible throughout the day along the eastern portion. The smell of smoke may also be noticeable. Holding containment lines is today's main objective. Mop up and rehabilitation of lines also continues. All evacuation orders have been lifted as of 4PM, November 3. The evacuation center at El Modena is now closed. Basic Information Incident Type Wildland Fire Cause Human Date of Origin 10/21/2007 at 1755 hrs. Location Santiago Canyon, Silverado Canyon, Irvine, CA. Incident Commander Witesman, Whitney Current Situation Total Personnel 1,199 Size 28,400 acres Percent Contained 90% Estimated Containment Date 11/06/2007 at hrs. Fuels Involved Chaparral,annual grasses and brush. Much of the fuel component is in the 100 year old age class. Fire Behavior Very little activity, some small flare-ups. Significant Events Jim Smith's type 2 team, Central Coast Interagency Incident Management Team 7 assumed command. Outlook Planned Actions Strengthen containment lines, mop up, continue rehabilitation and fire suppression repair. Growth Potential Low Terrain Difficulty High Remarks Not available Weather Current Wind Conditions 2 mph NE Current Temperature 62 degrees Current Humidity 22 %

You are subscribed to email updates from California Fire News - Structure, Wildland, EMS To stop receiving these emails, you may unsubscribe now.	Email Delivery powered by FeedBurner
Inbox too full? Subscribe to the feed version of California Fire News - Structure, Wildland, EMS in a feed reader.
If you prefer to unsubscribe via postal mail, write to: California Fire News - Structure, Wildland, EMS, c/o FeedBurner, 20 W Kinzie, 9th Floor, Chicago IL USA 60610