[<prev] [next>] [day] [month] [year] [list]
Message-id: <2C4ECAB9-DB6D-4260-A098-448886CA3EED@lists.apple.com>
Date: Tue, 30 Jun 2015 15:30:54 -0700
From: Apple Product Security <product-security-noreply@...ts.apple.com>
To: security-announce@...ts.apple.com
Subject: APPLE-SA-2015-06-30-5 QuickTime 7.7.7
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2015-06-30-5 QuickTime 7.7.7
QuickTime 7.7.7 is now available and addresses the following:
QT Media Foundation
Available for: Windows 7 and Windows Vista
Impact: Processing a maliciously crafted file may lead to an
unexpected application termination or arbitrary code execution
Description: Multiple memory corruption issues existed in QuickTime.
These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-3661 : G. Geshev working with HP's Zero Day Initiative
CVE-2015-3662 : kdot working with HP's Zero Day Initiative
CVE-2015-3663 : kdot working with HP's Zero Day Initiative
CVE-2015-3664 : Andrea Micalizzi (rgod) working with HP's Zero Day
Initiative
CVE-2015-3665 : WanderingGlitch of HP's Zero Day Initiative
CVE-2015-3666 : Steven Seeley of Source Incite working with HP's Zero
Day Initiative
CVE-2015-3667 : Ryan Pentney, Richard Johnson of Cisco Talos and Kai
Lu of Fortinet's FortiGuard Labs
CVE-2015-3668 : Kai Lu of Fortinet's FortiGuard Labs
CVE-2015-3669 : kdot working with HP's Zero Day Initiative
QuickTime 7.7.7 may be obtained from the QuickTime Downloads site:
http://www.apple.com/quicktime/download/
You may also update to the latest version of QuickTime via Apple
Software Update, which can be found in the Start menu.
Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJVkxVvAAoJEBcWfLTuOo7tuGoP/3oURL1tC5dv/+ZDKV/nI9Ug
WOJoeVUIT662wG7JLEEnhS94VAlChogFcgXNIrms72ApocBMxj81NIsjIjJPqmbg
3UgOHVcA7xYCUTvm5Q3Cj4zZRJ14J47GLu3On1bLtpFPcQRsAyeMIwtbawt6vYoB
qiQ7rYvtT02/SBXor0RojmIuo4kMZz2twpjZHGf5aOu/0CzuzA/TPJ1FRALWmvGx
rIy4bS0QPqbzg7A/TT+1X9e7pCdY/Hmn3GMFBk3cX0cLfQN8XHxMU/JJ8ja7vbl4
LfB9xuy6CJL9S1w6W/U5/4WVb5k5AXb9mF1KsfxffBGZnOqLxMGWlbr9holSBRfh
/BRbaLhNG9DQ9DMO9i7sjdFs3uVM9U3M0G/0TPed2+S8WBOgac+x9OCpM3u9aOjP
3nWiA4WDsurl8DFdZwt5mAi+OoocYQARS4g+JghVkBZ982MXGeisamqyec3BQVzs
i75lzDBPp6pW+TJj0GlEFTa2qf/n3YsL5au6RubFHb62qNq7SmmNj0GmBVddZIDd
I3TZ72sqievGv0UMMzYhIWeZCUJmSpsr2tJ9pkdH8SkmsEClGJHtwOscevQIhqPz
WfhRPgPmGE/0QBtDHRciVWxJ9jfH4AG79+69FqEE1QIew/+/hZcK0IJyttqOVli7
3l2PXTYo9ZOODysgzAFn
=Srvg
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists