Alert Number:  011608-01
Alert Date:  01/16/08
Alert Title:  New Quicktime patch addresses multiple vulnerabilities
Update-to:  None.
OS/Platform/Application:  Apple QuickTime < version 7.4 on all applicable operating systems
Category:  ALERT
Severity:  HIGH
Attention:  System Administrators, Desktop Support Personnel, QuickTime users

Summary:  Apple released version 7.4 of its popular Quicktime media player application on January 15 2008.  Version 7.4 addresses four security vulnerabilities; visitation of a malicious website or viewing a malicious movie or picture file are the most likely mechanisms of exploit for these vulnerabilities and could result in crashing of the application or takeover of a vulnerable system. 

Please NOTE that at this time another recently-disclosed Quicktime vulnerability (detailed in ALARM alert 011108-01 "*UNPATCHED* Vulnerability in QuickTime"):

http://www.albany.edu/its/alerts_archive_2008_011108-01.htm

does not appear to be resolved by version 7.4. 

Recommended Actions:   System Administrators and QuickTime users are encouraged to read the security bulletin (safe links provided below) and (if appropriate) apply the patch as soon as possible. 

Readers are encouraged to share this alert with family, friends, and associates who may use QuickTime on their home PCs.

ITS Actions:  N/A

Resources:

Apple Quicktime 7.4 Security Content page:
http://docs.info.apple.com/article.html?artnum=307301
 
Apple Downloads page:
http://www.apple.com/support/downloads/