New version of QuickTime (7.0.3)
Apple announced a new version of QuickTime, 7.0.3 which fixes couple of security vulnerabilities. All of these vulnerabilities can be exploited remotely, by downloading malicious content and range from integer overflows to denial of service attacks.
They also affect both QuickTime on Mac OS X (v10.3.9 or later) and Microsoft Windows 2000, XP.
QuickTime 7.0.3 can be installed via Software Update preferences or downloaded from Apple downloads (http://www.apple.com/support/downloads/quicktime703.html).
For more information visit http://docs.info.apple.com/article.html?artnum=302772.
Thanks to Mike Savory for pointing out that this update was actually released on 12th of October, but the security advisory was released yesterday.
Update - We have received one report from a user that had an early version of Quick - v5x - installed, and he dropped us a note that says "When I selected "Update Existing Software", it said "Your Quick Time software is up to date." So, contrary to the instructions in the article, "installed via Software Update preferences" may not be a viable option and may lead the less skeptical user to believe nothing more needs to be done." Thanks Gary!
They also affect both QuickTime on Mac OS X (v10.3.9 or later) and Microsoft Windows 2000, XP.
QuickTime 7.0.3 can be installed via Software Update preferences or downloaded from Apple downloads (http://www.apple.com/support/downloads/quicktime703.html).
For more information visit http://docs.info.apple.com/article.html?artnum=302772.
Thanks to Mike Savory for pointing out that this update was actually released on 12th of October, but the security advisory was released yesterday.
Update - We have received one report from a user that had an early version of Quick - v5x - installed, and he dropped us a note that says "When I selected "Update Existing Software", it said "Your Quick Time software is up to date." So, contrary to the instructions in the article, "installed via Software Update preferences" may not be a viable option and may lead the less skeptical user to believe nothing more needs to be done." Thanks Gary!
Keywords:
0 comment(s)
F-Prot Anti-Virus Scanning Engine Bypass
An vulnerability has been reported in some versions of F-Prot Anti-Virus. The advisory is referenced below. Exploit code is reported to be available. Though it doesn't look like it would be difficult to create a zip file with a version header value greater than 15.
http://securitytracker.com/alerts/2005/Nov/1015148.html
Update:
Full information can be found here: (Thanks Thierry)
http://thierry.sniff-em.com/research/fprot.html
Reportedly Vulnerable Versions/Platforms:
TBD
Vendors and users need to be really careful about making assumptions their networks are secure based upon a single application. Diversity and layers are a goodness.
Other recent bypass issues:
WebRoot Desktop Firewall:
http://secwatch.org/advisories/1011804
Sophos:
http://www.securitytracker.com/alerts/2005/Oct/1015025.html
Symantec:
http://www.securitytracker.com/alerts/2005/Oct/1015027.html
Kaspersky:
http://www.securitytracker.com/alerts/2005/Oct/1015024.html
Zone-Alarm:
http://www.net-security.org/vulnerability.php?id=20275
http://download.zonelabs.com/bin/free/securityAlert/35.html
http://securitytracker.com/alerts/2005/Nov/1015148.html
Update:
Full information can be found here: (Thanks Thierry)
http://thierry.sniff-em.com/research/fprot.html
Reportedly Vulnerable Versions/Platforms:
TBD
Vendors and users need to be really careful about making assumptions their networks are secure based upon a single application. Diversity and layers are a goodness.
Other recent bypass issues:
WebRoot Desktop Firewall:
http://secwatch.org/advisories/1011804
Sophos:
http://www.securitytracker.com/alerts/2005/Oct/1015025.html
Symantec:
http://www.securitytracker.com/alerts/2005/Oct/1015027.html
Kaspersky:
http://www.securitytracker.com/alerts/2005/Oct/1015024.html
Zone-Alarm:
http://www.net-security.org/vulnerability.php?id=20275
http://download.zonelabs.com/bin/free/securityAlert/35.html
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments