先日のMacOSX 向けQuickTimeアップデート。Windowsは対応済み?

Apple、QuickTime の脆弱性に対応した Mac OS X 向けのセキュリティアップデートを公開 - インターネットコム
先日、 Apple がQuickTimeの脆弱性にも対応した アップデートをリリースしました


APPLE-SA-2013-05-22-1 QuickTime 7.7.4
About Security Update 2013-003

Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.4

Impact: Playing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

Description:
A buffer overflow existed in the handling of Sorenson encoded movie
files. This issue was addressed through improved bounds checking.

CVE-ID

CVE-2013-1019 : Tom Gallagher (Microsoft) & Paul Bates (Microsoft) working with HP's Zero Day Initiative

    QuickTime

   
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion
v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.4

   
Impact: Playing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution

   
Description: A buffer overflow existed in the handling of H.264 encoded
movie files. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2013-1018 : G. Geshev working with HP's Zero Day Initiative

    QuickTime

   
Available for: Mac OS X 10.6.8, Mac OS X Server 10.6.8, OS X Lion
v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.4

   
Impact: Viewing a maliciously crafted movie file may lead to an
unexpected application termination or arbitrary code execution

   
Description: A buffer underflow existed in the handling of 'mvhd'
atoms. This issue was addressed through improved bounds checking.

    CVE-ID

    CVE-2013-1022 : Andrea Micalizzi aka rgod working with HP's Zero Day Initiative

Windows 版も出るのかなと思ってたんですが、どうやら、Windows 版は2か月前のアップデートで既に対応済みらしい ・ω・

Windows 版の修正が先だなんて珍しいですね

QuickTime 7.7.4 リリース

おすすめ

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です