Alert Number: 121407-01
Alert Date:  12/14/07
Alert Title:  Quicktime 7.3.1 addresses fixes multiple security vulnerabilities
Update-to:  112607-01 "*UNPATCHED* vulnerability affects iTunes and Quicktime users"
OS/Platform/Application:
Apple Quicktime on Microsoft Windows Vista
Apple Quicktime on Microsoft XP
Apple Quicktime on MAC OS X v10.5 or later
Apple Quicktime on MAC OS X v10.4.9 or later
Apple Quicktime on MAC OS X v10.3.9
Apple iTunes (Quicktime is a component of iTunes)*
Category:  ALERT
Severity:  HIGH
Attention:  System Administrators, Desktop Support Personnel, Quicktime and iTunes users.

Summary:  On December 13 2007 Apple released version 7.3.1 of its popular Quicktime Media player application.  Version 7.3.1 addresses three security vulnerabilities,including one detailed in ALARM Alert 112607-01 on November 26 2007.  The most likely mechanism of exploit for these vulnerabilities is the viewing of maliciously-crafted media files (in a variety of different formats) by unsuspecting users.

*Please note that QuickTime is a component of Apple iTunes.  According to at least one Internet Security resource, the relationship between QuickTime and iTunes may make iTunes installations vulnerable to these exploits as well.

Recommended Actions:   System Administrators and iTunes/Quicktime users are encouraged to read the security update information (safe links provided below) and (if appropriate) install the updated version of this software as soon as possible.

Readers are encouraged to share this alert with family, friends, and associates who may use Quicktime or iTunes on their home PCs.

ITS Actions:  N/A

Resources:

Quicktime 7.3.1 security content information:
http://docs.info.apple.com/article.html?artnum=307176

Apple Downloads page:
http://www.apple.com/support/downloads/

SANS advisory:
http://isc.sans.org/diary.html?storyid=3746

Secunia advisory:
http://secunia.com/advisories/28092/

ALARM Alert 112607-01:
http://www.albany.edu/its/alerts_archive_2007_112607-01.htm