« Touchscreen-Panel für Video-iPod von Wintek und weitere wirre Gerüchte | Start | Browser-Vergleich: iPhone gegen N95 gegen N800 (Video) »

11.07.2007

Frisch: iTunes 7.3.1 und QuickTime 7.2 [Update]

Apple gibt iTunes 7.3.1 und QuickTime 7.2 frei: Das Update für iTunes soll ein Problem mit der iTunes-Library beheben. QuickTime 7.2 ermöglicht endlich den Vollbildmodus im QT-Player selbst (ohne für die Pro-Version zahlen zu müssen oder zu AppleScript-Umwegen etc. zu greifen). Mit enthalten: Updates für den H.264-Codec (sprich Exportieroption fürs iPhone als .m4v oder .3gp) und zahlreiche Fehlerbeseitigungen. Beide Aktualisierungen sind über die Softwareaktualisierung oder apple.com zu erhalten. iTunes 7.3.1 für Mac OS X (mindestens 10.3.9) oder für Windows. QuickTime 7.2 für 10.3.9 oder mindestens 10.4.9 bzw. für Windows. Das QT-Update erfordert einen Neustart.
Update: QuickTime 7.2 stopft außerdem acht Sicherheitslücken. Details nach dem Klick.

QuickTime
CVE-ID: CVE-2007-2295
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Viewing a maliciously crafted H.264 movie may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of H.264 movies. By enticing a user to access a maliciously
crafted H.264 movie, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of QuickTime H.264 movies. Credit to Tom Ferris of
Security-Protocols.com, and Matt Slot of Ambrosia Software, Inc. for
reporting this issue.

QuickTime
CVE-ID: CVE-2007-2392
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution
Description: A memory corruption issue exists in QuickTime's
handling of movie files. By enticing a user to access a maliciously
crafted movie file, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of movie files. Credit to Jonathan 'Wolf' Rentzsch of Red Shed
Software for reporting this issue.

QuickTime
CVE-ID: CVE-2007-2296
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Viewing a maliciously crafted .m4v file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow vulnerability exists in QuickTime's
handling of .m4v files. By enticing a user to access a maliciously
crafted .m4v file, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of .m4v files. Credit to Tom Ferris of Security-Protocols.com for
reporting this issue.

QuickTime
CVE-ID: CVE-2007-2394
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Viewing a maliciously crafted SMIL file may lead to an
unexpected application termination or arbitrary code execution
Description: An integer overflow vulnerability exists in QuickTime's
handling of SMIL files. By enticing a user to access a maliciously
crafted SMIL file, an attacker can trigger the issue which may lead
to an unexpected application termination or arbitrary code execution.
This update addresses the issue by performing additional validation
of SMIL files. Credit to David Vaartjes of ITsec Security Services,
working with the iDefense VCP, for reporting this issue.

QuickTime
CVE-ID: CVE-2007-2397
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A design issue exists in QuickTime for Java, which may
allow security checks to be disabled. By enticing a user to visit a
web page containing a maliciously crafted Java applet, an attacker
can trigger the issue which may lead to arbitrary code execution.
This update addresses the issue by performing a more accurate
permissions check. Credit to Adam Gowdiak for reporting this issue.

QuickTime
CVE-ID: CVE-2007-2393
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A design issue exists in QuickTime for Java. This may
allow Java applets to bypass security checks in order to read and
write process memory. By enticing a user to visit a web page
containing a maliciously crafted Java applet, an attacker can trigger
the issue which may lead to arbitrary code execution. This update
addresses the issue by performing additional validation of Java
applets. Credit to Adam Gowdiak for reporting this issue.

QuickTime
CVE-ID: CVE-2007-2396
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Visiting a malicious website may lead to arbitrary code
execution
Description: A design issue exists in QuickTime for Java. JDirect
exposes interfaces that may allow loading arbitrary libraries and
freeing arbitrary memory. By enticing a user to visit a web page
containing a maliciously crafted Java applet, an attacker can trigger
the issue which may lead to arbitrary code execution. This update
addresses the issue by removing support for JDirect from QuickTime
for Java. Credit to Adam Gowdiak for reporting this issue.

QuickTime
CVE-ID: CVE-2007-2402
Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later,
Windows Vista, XP SP2
Impact: Visiting a malicious website may lead to the disclosure of
sensitive information
Description: A design issue exists in QuickTime for Java, which may
allow a malicious website to capture a client's screen content. By
enticing a user to visit a web page containing a maliciously crafted
Java applet, an attacker can trigger the issue which may lead to the
disclosure of sensitive information. This update addresses the issue
by performing a more accurate access control check.

Posted by Leo at 23:15 | Permalink

Werbung

TrackBack

TrackBack-Adresse für diesen Eintrag:
http://www.typepad.com/services/trackback/6a00d83451c7b569e200e008d676758834

Listed below are links to weblogs that reference Frisch: iTunes 7.3.1 und QuickTime 7.2 [Update]:

» Aktualisieren, bitte: iTunes 7.3.1, QuickTime 7.2 from Pimp your Mac
Kaum war heut früh der Rechner angeschmissen, meldete er pflichtbewusst neue Softwareaktualisierungen. iTunes 7.3.1, und QuickTime 7.2. Derzeit denke ich bei iTunes-Updates zwar: Brauch ich das, ist doch eh´nur für´s iPhone - aber diesmal nicht. Nicht... [Mehr erfahren]

verlinkt am 12.07.2007 08:50:04

» Lecker Trailers from cappel:nord Blog
Neben einem Quicktime Update, dass endlich den Vollbildmodus im Player ohne Tricks und ohne Pro-Version erlaubt, gab es heute im Apple Trailer RSS Feed 16 neue Trailer zu bestaunen. Besonders gut gefallen haben mir 2 Trailer von THINKFilm, die ich euch... [Mehr erfahren]

verlinkt am 12.07.2007 11:58:20

Kommentare

Feed You can follow this conversation by subscribing to the comment feed for this post.