
벌새::Security

[Update] Apple iTunes 8.2 & QuickTime 7.6.2

Updated versions of Apple's iTunes and QuickTime products have been released.

In particular, the QuickTime release fixes 10 security vulnerabilities, so anyone using it should make sure to update.

1. Apple iTunes 8.2

CVE-ID : CVE-2009-0950

Available for : Mac OS X v10.4.10 or later, Mac OS X Server v10.4.10 or later, Windows Vista, XP SP2 or later
Impact : Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution
Description : A stack buffer overflow exists in iTunes when parsing "itms:" URLs. Accessing a maliciously crafted "itms:" URL may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Will Drewry for reporting this issue.

The product can be downloaded here.

2. Apple QuickTime 7.6.2

(1) CVE-ID : CVE-2009-0188

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description : A memory corruption issue exists in QuickTime's handling of Sorenson 3 video files. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of Sorenson 3 video files. Credit to Carsten Eiram of Secunia Research for reporting this issue.

(2) CVE-ID : CVE-2009-0951

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution
Description : A heap buffer overflow exists in the handling of FLC compression files. Opening a maliciously crafted FLC compression file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

(3) CVE-ID : CVE-2009-0952

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution
Description : A buffer overflow may occur while processing a compressed PSD image. Opening a maliciously crafted compressed PSD file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.

(4) CVE-ID : CVE-2009-0010

Available for : Windows Vista and XP SP3
Impact : Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
Description : An integer underflow in QuickTime's handling of PICT images may result in a heap buffer overflow. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative, and Chris Ries of Carnegie Mellon University Computing Services for reporting this issue.

(5) CVE-ID : CVE-2009-0953

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
Description : A heap buffer overflow exists in QuickTime's handling of PICT images. Opening a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of PICT images. Credit to Sebastian Apelt working with TippingPoint's Zero Day Initiative for reporting this issue.

(6) CVE-ID : CVE-2009-0954

Available for : Windows Vista and XP SP3
Impact : Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description : A heap buffer overflow exists in QuickTime's handling of Clipping Region (CRGN) atom types in a movie file. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect Mac OS X systems. Credit to an anonymous researcher working with TippingPoint's Zero Day Initiative for reporting this issue.

(7) CVE-ID : CVE-2009-0185

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
Description : A heap buffer overflow exists in the handling of MS ADPCM encoded audio data. Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Alin Rad Pop of Secunia Research for reporting this issue.

(8) CVE-ID : CVE-2009-0955

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Opening a maliciously crafted video file may lead to an unexpected application termination or arbitrary code execution
Description : A sign extension issue exists in QuickTime's handling of image description atoms. Opening a maliciously crafted Apple video file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of description atoms. Credit to Roee Hay of IBM Rational Application Security Research Group for reporting this issue.

(9) CVE-ID : CVE-2009-0956

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Viewing a movie file with a maliciously crafted user data atom may lead to an unexpected application termination or arbitrary code execution
Description : An uninitialized memory access issue exists in QuickTime's handling of movie files. Viewing a movie file with a zero user data atom size may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of movie files, and presenting a warning dialog to the user. Credit to Lurene Grenier of Sourcefire, Inc. (VRT) for reporting this issue.

(10) CVE-ID : CVE-2009-0957

Available for : Mac OS X v10.4.11, Mac OS X v10.5.7, Windows Vista and XP SP3
Impact : Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution
Description : A heap buffer overflow exists in QuickTime's handling of JP2 images. Viewing a maliciously crafted JP2 image may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit to Charlie Miller of Independent Security Evaluators, and Damian Put working with TippingPoint's Zero Day Initiative for reporting this issue.
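Several of the QuickTime entries above share one root cause: a length field read from the file (an atom size, an image description field, a user data atom size of zero) is used to size a copy or allocation before it is checked against what is actually present, and an integer underflow or sign extension turns a small or negative value into a huge one. The following C code is an added illustration written for this post, not QuickTime's code and not an Apple patch; it models a QuickTime-style atom header (4-byte big-endian size including the header, then a 4-byte type) with a hypothetical parser. The function and type names (`parse_atom`, `naive_unsigned_len`, `naive_signed_len`, `atom_t`) and the sample bytes are all constructed for the example. It shows the naive length computation next to a checked one that validates the size against the remaining buffer and handles the zero-size case explicitly.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical QuickTime-style atom parser written for this post; it is not
 * QuickTime's code. An atom is a 4-byte big-endian size (header included)
 * followed by a 4-byte type, then the payload. */
#define ATOM_HDR 8u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Naive payload length, unsigned: size - 8 wraps around when size < 8
 * (the integer-underflow pattern). */
size_t naive_unsigned_len(const uint8_t *hdr) {
    uint32_t size = be32(hdr);
    return (size_t)(size - ATOM_HDR);
}

/* Naive payload length, signed: a size with the top bit set becomes negative,
 * and converting it to size_t sign-extends it to a huge value. */
size_t naive_signed_len(const uint8_t *hdr) {
    int32_t size = (int32_t)be32(hdr);
    return (size_t)(size - (int32_t)ATOM_HDR);
}

typedef enum { ATOM_OK, ATOM_ERR_SHORT, ATOM_ERR_BAD_SIZE, ATOM_ERR_TRUNCATED } atom_status;

typedef struct {
    char type[5];
    size_t payload_off;
    size_t payload_len;
} atom_t;

/* Checked parse: every length is compared with what the buffer really holds
 * before it is used, and the zero-size case is resolved explicitly. */
atom_status parse_atom(const uint8_t *buf, size_t buf_len, size_t off, atom_t *out) {
    if (off > buf_len || buf_len - off < ATOM_HDR) return ATOM_ERR_SHORT;
    size_t avail = buf_len - off;
    uint32_t size = be32(buf + off);
    size_t atom_len;
    if (size == 0) {
        /* Convention: size 0 means "extends to end of file". Resolve it to
         * the bytes actually present instead of computing 0 - 8. */
        atom_len = avail;
    } else if (size < ATOM_HDR) {
        /* 1..7 cannot hold a header (the 64-bit extended-size form, size == 1,
         * is deliberately not supported by this toy parser). */
        return ATOM_ERR_BAD_SIZE;
    } else {
        atom_len = size;
    }
    if (atom_len > avail) return ATOM_ERR_TRUNCATED;
    memcpy(out->type, buf + off + 4, 4);
    out->type[4] = '\0';
    out->payload_off = off + ATOM_HDR;
    out->payload_len = atom_len - ATOM_HDR;
    return ATOM_OK;
}

/* Verdict for the first atom in buf, for callers that only need the status. */
atom_status first_atom_status(const uint8_t *buf, size_t buf_len) {
    atom_t a;
    return parse_atom(buf, buf_len, 0, &a);
}

/* Constructed samples (not real file content). */
static const uint8_t sample_file[] = {      /* 16-byte "moov", then "udta" with size 0 */
    0x00,0x00,0x00,0x10, 'm','o','o','v', 1,2,3,4,5,6,7,8,
    0x00,0x00,0x00,0x00, 'u','d','t','a', 9,9,9,9
};
static const uint8_t hdr_size3[]     = {0x00,0x00,0x00,0x03, 'f','r','e','e'};
static const uint8_t hdr_negative[]  = {0x80,0x00,0x00,0x10, 'f','r','e','e'};
static const uint8_t hdr_truncated[] = {0x00,0x00,0x00,0x64, 'f','r','e','e', 0,0,0,0,0,0,0,0};

/* Walk sample_file with the checked parser; returns the number of atoms accepted. */
int walk_sample(void) {
    size_t off = 0;
    int count = 0;
    atom_t a;
    while (off < sizeof sample_file) {
        if (parse_atom(sample_file, sizeof sample_file, off, &a) != ATOM_OK) break;
        printf("atom %s: payload %zu bytes at offset %zu\n", a.type, a.payload_len, a.payload_off);
        count++;
        off += ATOM_HDR + a.payload_len;
    }
    return count;
}

int main(void) {
    printf("naive unsigned length for size 3:          %zu\n", naive_unsigned_len(hdr_size3));
    printf("naive signed length for size 0x80000010:   %zu\n", naive_signed_len(hdr_negative));
    printf("checked parser on size 3:                  %d\n", first_atom_status(hdr_size3, sizeof hdr_size3));
    return walk_sample() == 2 ? 0 : 1;
}
```

The two naive functions return lengths far larger than any real atom, which is exactly the value a subsequent copy or allocation would trust; the checked parser instead rejects sizes below the header length, rejects any atom that claims more bytes than remain, and turns the zero-size convention into a concrete byte count before it is used. The same discipline (validate against the real buffer, never against the field alone) is what the advisory describes as "improved bounds checking" and "additional validation".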

The product can be downloaded here.