Apple closes security gaps for QuickTime, iPhone, iPod Touch

Apple released the first patches for 2008 to the QuickTime media player as well as the iPhone and iPod Touch on January 15.

The updates to QuickTime 7.4 for Windows and Mac users are designed to prevent a system from being hijacked when malicious movie files are opened.

Apple Downloads lists the updates for Windows XP and Vista as well as Mac OS X 10.3.9 and higher. Mac users also can access the download via Apple's Software Update.

Memory corruption issues in QuickTime's handling of Sorenson 3 video, Macintosh Resource Records, and Image Descriptor atoms are to blame for three of four noted security holes. The fix also closes a gap left when QuickTime processes compressed PICT graphics.

However, the updates do not address a vulnerability in QuickTime's streaming media protocol, publicized by Italian researcher Luigi Auriemma earlier this month.

The last fix to QuickTime was made December 13.

Apple's iPhone and iPod Touch updates are designed to bolster Passcode Lock and prevent unauthorized users from launching applications, as well as to keep owners from inadvertently leaking sensitive data via phishing Web sites accessed through Safari.

The version 1.1.3 fixes are available for download only through updates to iTunes, which should prompt users to accept the changes. Docking an iPhone or iPod Touch will also trigger the updates to be made.

[pctec100]

When is 7.4.1?

I really wish Apple was more direct in addressing vulnerabilities. As a systems admin it is very difficult to address vulnerabilities and plan updates when the vendor doesn't even acknowledge they exist until the update is out the door.

Apple does a lot of things well but addressing security issues is not one of them.

[mabullard]

The new Apple Touch E-Mail Applet is Broken

After several hours trying to get the Apple Touch E-Mail applet, one of the five new Widgets they are selling for $20, to work with GMail of my AT&T Mail, it became obvious the E-Mail applet is seriously broken.

Additionally, the recent Touch update by Apple crashed my Touch, and I am sure many thousand more. After 2.5 hours I got it back and re-synched. What an ugly job of software coding by Apple.

Two calls to Apple Tech Support revealed they have nice people answering the phones, but they don't have a CLUE about these updates or broken Widgets.

Apple raised the bar with great technology like the Touch. But after the initial product ships, things can get real ugly and there is essentially no support to speak of.

Unfortunately, the best and the worst. That is what Apple is today.

[Lee in San Diego]

Go to the Apple Forums

http://discussions.apple.com

[M C]

Not broken at all

I'm using Mail with two different mail sources: Yahoo and my own webmail. No problems at all.

I agree that you should go to the Apple forums and have someone try and help you with your individual problem.

[iteachnology]

tangent question

Does anyone know when or if Apple will be updating iTunes to allow iPhone syncing with a 64-bit computer with Windows Vista OS? I am able to sync with my MacBook, but I tend to use my HP laptop more. Not to mention I'm running out of HD space on my MacBook. I'm always checking Apple's and others iPhone forums but I haven't found anything. Thanks.

[aka_tripleB]

What I hate

I hate that you have to download and reinstall Quicktime anytime there is just a minor update. Everyone else has figured out how to just patch their problems. Are Apple programers really this lazy?