If you had <Insert software title> runing on <Insert O/S>, then this wouldn't happen. It serves you right for running <Insert software title> on the crappy <Insert O/S>, so you get what you <Insert insult> deserve.

Thankyou.

Pending a patch from Microsoft...

This is a typo right? Or do we really rely on Microsoft to put out a patch for quicktime which casues problems mainly through Firefox.

"avoid following links to untrusted Web sites."

along with "don't open dodgy emails" and "don't run dodgy programs" this mantra should keep anybody safe.

But surely the whole point of being phished is that you THINK it's a trusted website?

"But surely the whole point of being phished is that you THINK it's a trusted website?"

Some trusted web sites even land the phishes themselves with automatic updates.

"Pending a patch from Microsoft, users are advised to restrict outbound connections on port TCP 554 using their firewalls, "

Sounds like whats happening is Apple is say hey let your fire wall soft ware fix out bugs.

It's possible either US-CERT or Symantec are wrong the following from isc.sans update of earlier diary.

"We have received a report that exploits are now working for Vista, XP, IE6, IE7, and Safari 3.0 on Windows. Keep in mind that other attack vectors may be vulnerable as well."

As well as firefox.

if so maybe thats why MS would want to patch it.