CyTRAP Labs reminder - 2007-11-06 update QuickTime (iTunes)

Apple has issued an important security patch for QuickTime that fixes several critical vulnerabilities (to read it, please click on the link, choose "Login as guest", then click on the link again and voila, free access).
If you have the default Update installed with the program, the latest version should be downloaded automatically the next time you log onto the internet (for more details see below).

These vulnerabilities expose you to a risk that we rate as follows:

CyTRAP Labs security risk barometer - 4 = critical
1 = low, 2 = elevated, 3 = moderately critical, 4 = critical, 5 = severe

For more information and explanations about the CyTRAP Labs risk barometer you can visit here: CyTRAP Labs security risk barometer

WHAT CAN YOU DO?

operating system affected
  • Windows XP and Vista
  • Apple Leopard, Tiger, Panther
affected software
  • QuickTime - all versions prior to 7.3
  • iTunes - QuickTime is part of iTunes

Hence, since QuickTime is part of iTunes, you have to upgrade iTunes if you use that software.

risk rating given for these vulnerabilities is a 4 (four)
where is the patch? depending upon the operating system you run:

what should one do? The Software Update preference pane is set by default to check automatically whether you have the latest version installed. Hence, once you go onto the internet, the latest version should be downloaded automatically. If you are not sure, read below, where we tell you how to check and download manually if need be - quick and easy.
how can I check that I do have the latest version installed? Click About QuickTime from the Help menu; this shows which version runs on your machine.
not patching the vulnerability could cause what kind of damage to my PC? DO NOT OPEN IMAGES, MOVIES, ETC. from untrusted sources.
  1 could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious movie
  2 can allow untrusted Java applets to obtain elevated privileges and disclose sensitive user information or result in arbitrary code being executed on your machine without your authorization
  3 more nasty things…

where can one get more details from the vendor? Apple has issued a security bulletin
where can you get more technical information about the vulnerabilities? CVE-2007-2395, CVE-2007-3750, CVE-2007-3751, CVE-2007-4672, CVE-2007-4675, CVE-2007-4676, CVE-2007-4677
release date from vendor: 2007-11-05
