ALARM Group ALERT
Alert Number: 050207-01
Alert Date: 05/02/07
Alert Title: Updated version of Quicktime addresses java vulnerability
Update-to: 042507-01 "*UNPATCHED* Quicktime vulnerability affects Windows and Mac users"
OS/Platform/Application:
Apple Quicktime version < 7.1.6 on Windows 2000 SP4, XP Service Pack 4
Apple Quicktime version < 7.1.6 on Mac OS X v10.3.9 and v10.4.9
Category: ALERT
Severity: HIGH
Attention: System Administrators, Desktop Support Personnel, Users of Quicktime on Windows and Mac systems
Summary: On May 1, 2007, Apple released version 7.1.6 of its popular Quicktime application. Version 7.1.6 addresses a pre-existing Java-handling vulnerability that was detailed in ALARM alert 042507-01. The most likely exploitation vector is visiting a malicious website with a Java-enabled browser. Vulnerable browsers include Safari, Firefox, and (possibly) Opera. Exploitation of the vulnerability could result in remote code execution and system takeover.
Recommended Actions: Windows and Mac system administrators/users are encouraged to read the information regarding this updated software (links provided below) and (if appropriate) install it at their earliest convenience.
ITS Actions: N/A
Resources:
Apple document on Quicktime 7.1.6:
http://docs.info.apple.com/article.html?artnum=305446
Apple downloads page:
http://www.apple.com/support/downloads/