Summary:  System Administrators, Desktop Support Personnel, Quicktime Users

Summary:  On January 10 2006 Apple announced the release of a new version (7.0.4) of its popular Quicktime Media Player.  This new version of Quicktime addresses a number of security vulnerabilities.  Exploitation of these vulnerabilities could result in remote code execution and therefore should be considered as critical in nature.  Apple is stating that the update is "highly recommended for all QuickTime 7 users".

Recommended Actions:  Persons who manage, maintain or use Quicktime are encouraged to read the Security Summary (including any associated caveats, system requirements, etc) and (if appropriate) apply the upgrade as per the instructions provided by the vendor.  See the NOTE section below for special considerations pertaining to Microsoft Windows installations.

NOTE:  As of this writing (1:30 PM 1/11/06) the in-application software upgrade process contained in Quicktime (Help>Update Existing Software...) does not appear to be functioning properly for instances of Quicktime running on Microsoft Windows Operating Systems.  Furthermore, the Main "Free Download" button on the primary Windows Quicktime Web Site  ( http://www.apple.com/quicktime/win.html) is reportedly providing the vulnerable Quicktime version 7.0.3 and also bundling the iTunes service into the download.  At the present time Windows users who wish to upgrade their Quicktime installation immediately and/or opt out of the iTunes bundle should install the "standalone" version of QuickTime 7.0.4 via the Apple downloads web Site ( http://www.apple.com/quicktime/download/standalone.html ).

ITS Actions: At this time, ITS is taking no specific additional actions to address this software release.

Resources:

STANDALONE Quicktime Download Page for Windows Users:
http://www.apple.com/quicktime/download/standalone.html