[APPZ UPDATE]QuickTime 7.3.1升級發布

Junne

Apple has released QuickTime 7.3.1, which addresses a number of security issues. The release is available for Windows, Leopard (10.5), Tiger (10.4), and Panther (10.3) and available in your software update. This update is recommended for all QuickTime 7 users and addresses a widely publicized security flaw in QuickTime revealed by Symantec. Details of this and other security fixes are listed in this support document.

解決了一些安全的問題,默認的系統更新及可以更新這個patch 詳細的修正list如下

QuickTime 7.3.1 QuickTime CVE-ID: CVE-2007-6166 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted RTSP movie may lead to an unexpected application termination or arbitrary code execution Description: A buffer overflow exists in QuickTime's handling of Real Time Streaming Protocol (RTSP) headers. By enticing a user to view a maliciously crafted RTSP movie, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by ensuring that the destination buffer is sized to contain the data. QuickTime CVE-ID: CVE-2007-4706 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2 Impact: Viewing a maliciously crafted QTL file may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in QuickTime's handling of QTL files. By enticing a user to view a maliciously crafted QTL file, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. QuickTime CVE-ID: CVE-2007-4707 Available for: Mac OS X v10.3.9, Mac OS X v10.4.9 or later, Mac OS X v10.5 or later, Windows Vista, XP SP2 Impact: Multiple vulnerabilities in QuickTime's Flash media handler Description: Multiple vulnerabilities exist in QuickTime's Flash media handler, the most serious of which may lead to arbitrary code execution. With this update, the Flash media handler in QuickTime is disabled except for a limited number of existing QuickTime movies that are known to be safe. Credit to Tom Ferris of Adobe Secure Software Engineering Team (ASSET), Mike Price of McAfee Avert Labs, and security researchers Lionel d'Hauenens & Brian Mariani of Syseclabs for reporting this issue.

★★★

 

 

 

arthur_fish

全英文 看的有点吃力

Junne

原帖由 51ed 于 2007-12-14 15:07 发表 QuickTime很好吗？装威力导演也要装

mac上面沒有你講的那個導演的軟件的.而且這種集成的decode,很雜

Junne

原帖由 arthur_fish 于 2007-12-14 16:07 发表 全英文 看的有点吃力

僅僅是休整bug的,沒有什麼看的明白看不明白的問題,就想windows的update,我們也很少的去看詳細的list的呀

mxs0406

quicktime的插件，经常被要求装的。

a01234567

全英文

章丘雪铁龙

从哪找这么多消息啊还全是英文