[MACEP] New at ftp.mesd--Security Update 2007-001
John Bromley
the.bromleys at verizon.net
Thu Jan 25 09:49:16 PST 2007
The following files are new or updated in the /pub/mac directory of
the FTP server located at:
ftp://ftp.mesd.k12.or.us/pub/mac/.
Security Update 2007-001
Tiger version (for Mac OS X 10.4.8 and QuickTime 7.1.3
ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2007001Ti.dmg
Panther version for Mac OS X 10.3.9 with QuickTime 7.1.3.
ftp://ftp.mesd.k12.or.us:21//pub/mac/SecUpd2007001Pan.dmg
Apple posted yesterday Security Update 2007-001, addressing a serious
QuickTime vulnerability in a Tiger version for Mac OS X 10.4.8 and
QuickTime 7.1.3 and a Panther version for Mac OS X 10.3.9 with
QuickTime 7.1.3.
Impact: Visiting malicious websites may lead to arbitrary code execution
Description: A buffer overflow exists in QuickTime's handling of RTSP
URLs. By enticing a user to access a maliciously-crafted RTSP URL, an
attacker can trigger the buffer overflow, which may lead to arbitrary
code execution. This update addresses the issue by performing
additional validation of RTSP URLs.
About Security Update 2007-001
Security Update 2007-001 is recommended for all users and improves
the security of QuickTime.
--
John Bromley
(503) 668-3332
"Even if you're on the right track, you'll get run over if you just
sit there." ----- Will Rogers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mesd.k12.or.us/pipermail/macep/attachments/20070125/69d82b1e/attachment.html
More information about the MACEP
mailing list