Information Technology Services

*UNPATCHED* Vulnerability in QuickTime

ALARM Group ALERT - click for a description of ALARM, The Computing Alert System

Alert Number: 011108-01
Alert Date: 01/11/08
Alert Title: *UNPATCHED* Vulnerability in QuickTime
Update-to: None.
OS/Platform/Application: Apple QuickTime < version 7.3.1.70 and prior on all applicable operating systems
Category: ALERT
Severity: HIGH
Attention: System Administrators, Desktop Support Personnel, QuickTime users

Summary: Multiple Internet Security-related agencies are reporting the existence of a vulnerability in the popular QuickTime media player application. Visitation of a malicious website or viewing of a malicious .QTL file is the most likely mechanism of exploit and could result in takeover of a vulnerable system. At the time of this writing (11:20 AM January 11 2008) no patch has yet been provided by the vendor to
address this vulnerability.

Recommended Actions: System Administrators and QuickTime users are encouraged to read the security bulletins (safe links provided below) and not to visit untrusted websites and/or view untrusted .QTL files until a patch has been made available from the vendor.

Readers are encouraged to share this alert with family, friends, and associates who may use QuickTime on their home PCs.

ITS Actions: N/A

Resources:

Secunia Advisory:
http://secunia.com/advisories/28423/

FrSIRT Advisory:
http://www.frsirt.com/english/advisories/2008/0107

Information Technology Services University at Albany, SUNY 1400 Washington Avenue Albany, NY 12222 ITS Service Centers: 518-442-4000	University at Albany Home Page Contact UAlbany \| Directories \| Calendars \| Visitors \| Site Index \| Search Admissions \| Academics \| Research \| IT Services \| Libraries \| Athletics
Internet Privacy Policy IT Policies