Alert Number:  020708-02
Alert Date:  02/07/08
Alert Title:  Quicktime update addresses vulnerability
Update-to:  None.
OS/Platform/Application:  Apple Quicktime all versions older than 7.4.1 on all applicable platforms
Category:  ALERT
Severity:  MEDIUM
Attention:  System Administrators, Desktop Support Personnel, Quicktime users

Summary:  On January 6 2008 Apple released version 7.4.1 of its popular Quicktime media player application.  Version 7.4.1 fixes a security vulnerability that could be exploited if an unpatched system were to visit a website that is hosting maliciously-crafted software*.  Successful exploitation of a vulnerable computer could result in application crash or system takeover.  *It is important to note that recent research into the nature and trends of malware has shown that the majority of websites hosting maliciously-crafted software are in fact ones which users presume to be "legitimate" sites.  The fact that dangerous software may be hiding within seemingly innocuous websites makes it vitally important to patch all vulnerable software on any system as soon as patches are made available from the vendor.  In cases where a patch is not yet available users should consider any website and/or media file that they visit or handle as a potential source of compromise for their computer systems.

Recommended Actions:  System administrators, support personnel and Quicktime users are encouraged to read the security advisory and apply the update as soon as possible (safe links provided below).   Readers are encouraged to share this alert with family, friends, and associates who may use Quicktime on their home computers.

ITS Actions:  N/A

Resources:

Quicktime 7.4.1 Security Content Page:
http://docs.info.apple.com/article.html?artnum=307407

Apple Downloads page:
http://docs.info.apple.com/article.html?artnum=61798