ALARM Group ALERT - click for a description of ALARM, The Computing Alert System Alert Number:  030607-01 Alert Date:  03/06/07 Alert Title:  Apple Releases QuickTime 7.1.5 Update-to:   None OS/Platform/Application:   Apple Quicktime on Mac Apple Quicktime on Microsoft Windows Category:  ALERT Severity:  MEDIUM Attention:  System Administrators, Desktop Support Personnel, Quicktime Users

Summary:   On March 5 2007 Apple announced the release of a new version (7.1.5) of its popular Quicktime Media Player.  This new version of Quicktime addresses eight security vulnerabilities, several of which (if exploited) could result in application crash of remote code execution and therefore should be considered as critical in nature. 

Recommended Actions:  Persons who manage, maintain or use Quicktime are encouraged to read the Security Summary (including any associated caveats, system requirements, etc: link provided below) and (if appropriate) apply the upgrade as per the instructions provided by the vendor.  See the NOTE section below for special information regarding problems with the auto-updater feature.

NOTE: Some Internet Security agencies are reporting that the auto updater "Update Now" button on Quicktime does not find or install 7.1.5; it is recommended that users go to the specific update links (provided below) if their updater does not appear to be working properly.

ITS Actions: At this time, ITS is taking no specific additional actions to address this software release.

Resources:

Quicktime Security Summary for 7.1.5:
http://docs.info.apple.com/article.html?artnum=305149

Quicktime Download Page for Mac OS X Users:
http://www.apple.com/quicktime/download/mac.html

STANDALONE Quicktime Download Page for Windows Users:
http://www.apple.com/quicktime/download/win.html

SANS Advisory on vulnerability (includes narrative on update problems):
http://isc.sans.org/diary.html?storyid=2363

Secunia Advisory:
http://secunia.com/advisories/24359/