Alert Number:  110607-01
Alert Date:  11/06/07
Alert Title:  Update addresses vulnerabilities for Quicktime on Mac and Windows
Update-to:  None.
OS/Platform/Application:  Apple Quicktime <v7.3 on Windows and Mac platforms
Category:  ALERT
Severity:  Medium
Attention:  Mac and Windows system Administrators, Desktop Support Personnel, Quicktime Users

Summary:  On November 5 2007 Apple released version 7.3 of its popular Quicktime media player application for Mac and Windows systems.  Version 7.3 addresses seven vulnerabilities in the application that could lead to privilege escalation or Arbitrary Code Execution.  The most likely vectors of exploitation for these vulnerabilities are the viewing of specifically-crafted movie files or PICT images.

Recommended Actions:  Persons who manage, maintain or use Mac and Windows systems that run Quicktime are encouraged to read the update information (including any associated caveats, system requirements, etc) and (if appropriate) apply the upgrade immediately as per the instructions provided by the vendor.  Readers are encouraged to share this alert with family, friends, and associates who may use Quicktime on their home PCs.

ITS Actions:  At this time, ITS is taking no specific additional actions to address this software update release.

Resources:

Apple Quicktime 7.3 Security Content page:
http://docs.info.apple.com/article.html?artnum=306896

Apple Downloads page:
http://www.apple.com/support/downloads/