
5.03.2007

iTunes 7.1 and QuickTime 7.1.5 [Update]

Apple has just released iTunes 7.1 and QuickTime 7.1.5. Both are available through Software Update or from apple.com. iTunes 7.1 (28 MB for Mac OS X, 36.1 MB for Windows XP and 2000) adds Apple TV support and Cover Flow in full-screen mode. QuickTime 7.1.5 (41.4 MB for Mac OS X, 18.6 MB for Windows XP and 2000) receives numerous unspecified bug fixes and closes several critical security vulnerabilities; details follow after the jump. The QuickTime update requires a restart.
Update: iTunes 7.1 has been made more or less Vista-compatible: "iTunes 7.1 is recommended for use with most editions of Windows Vista, however, Apple is actively working with Microsoft to resolve a few remaining known issues", Apple writes in a support document.

QuickTime
CVE-ID: CVE-2007-0711
Available for: Windows Vista/XP/2000
Impact: Viewing a maliciously-crafted 3GP file may lead to an
application crash or arbitrary code execution
Description: An integer overflow exists in QuickTime's handling
of 3GP video files. By enticing a user to open a malicious
movie, an attacker can trigger the overflow, which may lead
to an application crash or arbitrary code execution. This update
addresses the issue by performing additional validation of 3GP
video files. This issue does not affect Mac OS X. Credit to JJ
Reyes for reporting this issue.

QuickTime
CVE-ID: CVE-2007-0712
Available for: Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact: Viewing a maliciously-crafted MIDI file may lead to an
application crash or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's
handling of MIDI files. By enticing a user to open a malicious
MIDI file, an attacker can trigger the overflow, which may lead
to an application crash or arbitrary code execution. This update
addresses the issue by performing additional validation of MIDI
files. Credit to Mike Price of McAfee AVERT Labs for reporting
this issue.

QuickTime
CVE-ID: CVE-2007-0713
Available for: Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact: Viewing a maliciously-crafted Quicktime movie file may
lead to an application crash or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's
handling of QuickTime movie files. By enticing a user to access
a maliciously-crafted movie, an attacker can trigger the
overflow, which may lead to an application crash or arbitrary
code execution. This update addresses the issue by performing
additional validation of QuickTime movies. Credit to Mike Price
of McAfee AVERT Labs, Piotr Bania, and Artur Ogloza (Czestochowa,
Poland) for reporting this issue.

QuickTime
CVE-ID: CVE-2007-0714
Available for: Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact: Viewing a maliciously-crafted Quicktime movie file may
lead to an application crash or arbitrary code execution
Description: An integer overflow exists in QuickTime's handling
of UDTA atoms in movie files. By enticing a user to access a
maliciously-crafted movie, an attacker can trigger the overflow,
which may lead to an application crash or arbitrary code
execution. This update addresses the issue by performing
additional validation of QuickTime movies. Credit to Sowhat of
Nevis Labs, and an anonymous researcher working with TippingPoint
and the Zero Day Initiative for reporting this issue.

QuickTime
CVE-ID: CVE-2007-0715
Available for: Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact: Viewing a maliciously-crafted PICT file may lead to an
application crash or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's
handling of PICT files. By enticing a user to open a malicious
PICT image file an attacker can trigger the overflow, which may
lead to arbitrary code execution. This update addresses the
issue by performing additional validation of PICT files. Credit
to Mike Price of McAfee AVERT Labs for reporting this issue.

QuickTime
CVE-ID: CVE-2007-0716
Available for: Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact: Opening a maliciously-crafted QTIF file may lead to an
application crash or arbitrary code execution
Description: A stack buffer overflow exists in QuickTime's
handling of QTIF files. By enticing a user to access a
maliciously-crafted QTIF file, an attacker can trigger the
overflow, which may lead to an application crash or arbitrary
code execution. This update addresses the issue by performing
additional validation of QTIF files. Credit to Mike Price of
McAfee AVERT Labs for reporting this issue.

QuickTime
CVE-ID: CVE-2007-0717
Available for: Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact: Opening a maliciously-crafted QTIF file may lead to an
application crash or arbitrary code execution
Description: An integer overflow exists in QuickTime's handling
of QTIF files. By enticing a user to access a maliciously-crafted
QTIF file, an attacker can trigger the overflow, which may lead to
an application crash or arbitrary code execution. This update
addresses the issue by performing additional validation of QTIF
files. Credit to Mike Price of McAfee AVERT Labs for reporting
this issue.

QuickTime
CVE-ID: CVE-2007-0718
Available for: Mac OS X v10.3.9 and later, Windows Vista/XP/2000
Impact: Opening a maliciously-crafted QTIF file may lead to an
application crash or arbitrary code execution
Description: A heap buffer overflow exists in QuickTime's
handling of QTIF files. By enticing a user to access a
maliciously-crafted QTIF file, an attacker can trigger the
overflow, which may lead to an application crash or arbitrary
code execution. This update addresses the issue by performing
additional validation of QTIF files. Credit to Ruben Santamarta
working with the iDefense Vulnerability Contributor Program, and
JJ Reyes for reporting this issue.

Posted by Leo at 22:31 | Permalink
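Several of the entries above are integer overflows in size handling that were fixed by "additional validation". The advisory gives no details of the flaws, so the following is an added example of the general bug class and its check, not Apple's code: it uses the standard QuickTime atom header (4-byte big-endian size that includes the 8-byte header, then a 4-byte type), and all function names and sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ATOM_HDR 8u  /* 4-byte big-endian size + 4-byte type */

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Unchecked form of the bug class: for size < 8 the subtraction wraps
 * around to a huge unsigned length. */
uint32_t naive_payload_len(uint32_t size) { return size - ATOM_HDR; }

/* Checked form: validate the size field before doing arithmetic on it.
 * Returns 0 and sets *payload_len, or -1 if the atom is malformed. */
int checked_payload_len(const uint8_t *buf, size_t len, size_t off,
                        size_t *payload_len) {
    if (off > len || len - off < ATOM_HDR) return -1; /* truncated header */
    uint32_t size = be32(buf + off);
    /* Smaller than the header would wrap. This simplified check also
     * rejects the special sizes 0 (to end of file) and 1 (64-bit size). */
    if (size < ATOM_HDR) return -1;
    if (size > len - off) return -1;   /* claims more bytes than exist */
    *payload_len = size - ATOM_HDR;
    return 0;
}

/* Walk sibling atoms; return the number of well-formed atoms,
 * or -1 at the first malformed one. */
int count_atoms(const uint8_t *buf, size_t len) {
    size_t off = 0, plen = 0;
    int n = 0;
    while (off < len) {
        if (checked_payload_len(buf, len, off, &plen) != 0) return -1;
        off += ATOM_HDR + plen;        /* bounded by len, cannot overflow */
        n++;
    }
    return n;
}

/* Constructed samples, not real movie data. */
const uint8_t good_atoms[] = {0,0,0,12,'f','r','e','e',1,2,3,4,
                              0,0,0,8,'s','k','i','p'};
const uint8_t short_size[] = {0,0,0,4,'f','r','e','e'};          /* size < header */
const uint8_t long_size[]  = {0,0,0,64,'f','r','e','e',0,0,0,0}; /* size > buffer */

int main(void) {
    printf("naive length for size=4: %u\n", (unsigned)naive_payload_len(4));
    printf("good=%d\n", count_atoms(good_atoms, sizeof good_atoms));
    return 0;
}
```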
