
벌새::Security

Update: Apple QuickTime 7.7 (1680.34)

Apple has released Apple QuickTime 7.7 (1680.34), a version of its multimedia player (plug-in) Apple QuickTime that resolves security vulnerabilities.

This version includes patches for 14 security vulnerabilities; the details are as follows.

  1. CVE-2011-0186 : Viewing a maliciously crafted JPEG2000 image with QuickTime may lead to an unexpected application termination or arbitrary code execution
  2. CVE-2011-0187 : Visiting a maliciously crafted website may lead to the disclosure of video data from another site
  3. CVE-2011-0209 : Playing a maliciously crafted WAV file may lead to an unexpected application termination or arbitrary code execution
  4. CVE-2011-0210 : Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  5. CVE-2011-0211 : Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  6. CVE-2011-0213 : Viewing a maliciously crafted JPEG file may lead to an unexpected application termination or arbitrary code execution
  7. CVE-2011-0245 : Viewing a maliciously crafted pict file may lead to an unexpected application termination or arbitrary code execution
  8. CVE-2011-0246 : Viewing a maliciously crafted GIF image may lead to an unexpected application termination or arbitrary code execution
  9. CVE-2011-0247 : Viewing a maliciously crafted H.264 movie file may lead to an unexpected application termination or arbitrary code execution
  10. CVE-2011-0248 : Visiting a maliciously crafted website using Internet Explorer may lead to an unexpected application termination or arbitrary code execution
  11. CVE-2011-0249 : Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  12. CVE-2011-0250 : Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  13. CVE-2011-0251 : Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  14. CVE-2011-0252 : Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

These fixes resolve issues in which opening a maliciously crafted image (JPEG2000, GIF, etc.), video (H.264, etc.), or sound (WAV) file with QuickTime could lead to remote code execution or application termination.

The update also resolves an issue in which visiting a malicious website with the Internet Explorer web browser could allow remote code execution.

Users of Apple QuickTime should therefore make sure to update to the latest version before continuing to use it.
