US CERT has posted an alert about a zero day vulnerability in Quicktime
US-CERT is aware of a vulnerability in Apple QuickTime that may allow an attacker to execute arbitrary code or cause a denial-of-service condition on an affected system.
Until a security fix becomes available, US-CERT encourages users and administrators to follow the Securing Your Web Browser document to help mitigate the security risk.
That seems about right. I just pushed the last security fix from Quicktime out to the first test group.
Related posts:
