Apple's QuickTime for Java May Let Remote Users Access the System
|
|
SecurityTracker Alert ID: 1008027
|
|
CVE Reference: CAN-2003-0871
(Links to External Site)
|
Date: Oct 29 2003
|
Impact: User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: An unspecified vulnerability was reported in Apple's QuickTime for Java. A remote user may be able to gain access to the target system.
Apple reported that an unauthorized user may be able to access the system. No details were provided.
According to the report,
QuickTime for Java in Mac OS X v10.3 and Mac OS X Server v10.3 is affected, but previous versions are not affected.
|
Impact: A remote user may be able to gain access to the system.
|
Solution: The vendor has released a fixed version as part of Security Update 2003-10-28, available at:
* Software Update pane in System
Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120266
The download file is
named: "SecurityUpd2003-10-28.dmg"
Its SHA-1 digest is: 057243959189a3f0fcffca6fa384698f9213cd31
|
Vendor URL: www.apple.com/quicktime/qtjava/ (Links to External Site)
|
Cause: Not specified
|
Underlying OS: UNIX (OS X)
|
Underlying OS Comments: 10.3 Only
|
Reported By: Apple Product Security <product-security@apple.com>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 28 Oct 2003 13:58:21 -0800
From: Apple Product Security <product-security@apple.com>
Subject: APPLE-SA-2003-10-28 Security Update 2003-10-28
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
APPLE-SA-2003-10-28 Security Update 2003-10-28
Security Update 2003-10-28 is available.
It addresses CAN-2003-0871 a potential vulnerability in the
implementation of QuickTime Java in Mac OS X v10.3 and Mac OS X Server
v10.3 that could allow unauthorized access to a system.
The issue does not exist in earlier versions of Mac OS X or Mac OS X
Server.
================================================
Security Update 2003-10-28 may be obtained from:
* Software Update pane in System Preferences
* Apple's Software Downloads web site:
http://www.info.apple.com/kbnum/n120266
The download file is named: "SecurityUpd2003-10-28.dmg"
Its SHA-1 digest is: 057243959189a3f0fcffca6fa384698f9213cd31
Information will also be posted to the Apple Product Security web
site:
http://www.apple.com/support/security/security_updates.html
This message is signed with Apple's Product Security PGP key, and
details are available at:
http://www.apple.com/support/security/security_pgp.html
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQEVAwUBP57lg3eI0z6bzFr0AQItgAf/cSFZ9tJr3YVZFRpodupIC3AlJ6LnsFgL
kkQ6LVKBY7FeZUpFe05JDN0jzpuuCMhFs5NksvzCpKxWGaE/+IRbETwdq1vplDWC
dyfgxyvbVFoOfmRVZeLU8CAw5ulSO0/GGX1x1tm8kN6qDoMYfcRopWsLm3ECBzUz
V39qgr3XvLlcbb4P4+E0yPIQLsylkql6Ox24N309QaTIW5BO4VuYynIKQLegWjDU
sRVNdRifO5gpW2x53XR+aPsmIvkaIQvTRlZ7Rylnuhd2V6hQ9C3yXB6f7s161aoF
596Pi1FW6uUTNafcaBrITSydHAPb1Roi20NbhkS1zh7fgTJGEwByBw==
=eIOL
-----END PGP SIGNATURE-----
_______________________________________________
security-announce mailing list | security-announce@lists.apple.com
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/security-announce
Do not post admin requests to the list. They will be ignored.
|
|
