
Multiple Vulnerabilities in Apple QuickTime Could Allow Remote Code Execution

MS-ISAC ADVISORY NUMBER:

2015-103

DATE(S) ISSUED:

08/20/2015

OVERVIEW:

Multiple vulnerabilities have been discovered in Apple QuickTime. QuickTime is a multimedia application that is capable of playing video, sound, and image files. These vulnerabilities can be exploited if a user opens a specially crafted file, including an email attachment. Successful exploitation could result in unexpected application crashes and remote code execution within the context of the application. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

THREAT INTELLIGENCE:

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Apple QuickTime 7 Prior To 7.7.8 for Microsoft Windows 7 and Windows Vista


RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users: HIGH

TECHNICAL SUMMARY:

Multiple memory-corruption vulnerabilities have been discovered in Apple QuickTime 7 that could allow for remote code execution. These vulnerabilities can be exploited if a user opens a specially crafted file, including an email attachment. (CVE-2015-3772, CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, CVE-2015-5785, CVE-2015-5786)

Successful exploitation could result in unexpected application crashes and remote code execution within the context of the application. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept, or execute files from un-trusted or unknown sources.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

REFERENCES:
