There is no mention of security issues with Flash in the security KB
article:
Well... the security issues are with QT itself, hence 7.1.3....
Gary
______________________________________________
QuickTime Vulnerabilities
National Cyber Alert System
Cyber Security Alert SA06-256A
Apple QuickTime Vulnerabilities
Original release date: September 13, 2006
Last revised: --
Source: US-CERT
Systems Affected
Apple QuickTime for
* Apple Mac OS X
* Microsoft Windows
Overview
Apple has released Apple QuickTime 7.1.3 to correct several
vulnerabilities. These vulnerabilities could allow an attacker to
gain access to your computer.
Solution
Install an Update
OS X users should use the Mac OS X Software Update feature to
download and install Apple QuickTime 7.1.3. Consider scheduling
Software Update to check for updates automatically (this option
is enabled by default).
Microsoft Windows users should upgrade to Apple QuickTime 7.1.3.
Description
QuickTime prior to version 7.1.3 has multiple image and media
file handling vulnerabilities that could allow an attacker to run
malicious programs on your computer. This could happen by
visiting a malicious web site. Upgrading to Apple QuickTime
version 7.1.3 will correct these vulnerabilities.
Note that QuickTime is included with Apple iTunes.
For more technical information, see US-CERT Technical Alert
TA06-256A and the Apple QuickTime Security Update.
References
* US-CERT Technical Alert TA06-256A -
<http://www.us-cert.gov/cas/techalerts/TA06-256A.html>
* Vulnerability Notes for QuickTime 7.1.3 -
<http://www.kb.cert.org/vuls/byid?searchview&query=QuickTime_713>
* About the security content of the QuickTime 7.1.3 Update -
<http://docs.info.apple.com/article.html?artnum=304357>
* Apple QuickTime 7.1.3 -
<http://www.apple.com/support/downloads/quicktime713.html>
* Standalone Apple QuickTime Player -
<http://www.apple.com/quicktime/download/standalone.html>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* Mac OS X: Updating your software -
<http://docs.info.apple.com/article.html?artnum=106704>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA06-256A.html>
On Sep 13, 2006, at 4:37 AM, Chris Little wrote:
on 9/13/06 12:05 AM, Phil M at [EMAIL PROTECTED] wrote:
On Sep 12, 2006, at 8:10 PM, Joe Huber wrote:
Maybe this is related to the Eolas patent.
Interesting, and quite odd that a Checkbox is all that's needed to
comply...
Could it be possible that Apple choose to do this because of a
Security risk?
Apple's knowledge base article says:
The version of Flash that ships in QuickTime is older than the version
available from Adobe and used in Safari, therefore, while we still
ship
Flash with QuickTime, it is turned off by default.
http://docs.info.apple.com/article.html?artnum=304341
There is no mention of security issues with Flash in the security KB
article:
http://docs.info.apple.com/article.html?artnum=304357
Chris
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
_______________________________________________
Unsubscribe or switch delivery mode:
<http://www.realsoftware.com/support/listmanager/>
Search the archives of this list here:
<http://support.realsoftware.com/listarchives/lists.html>
