Apple on Monday released updates to its QuickTime media player software to repair eight serious security vulnerabilities.
The vulnerabilities expose both Macs and Windows PCs to cyberattack, Apple said in a security alert. In all cases, an attacker could craft a malicious file which, when opened with QuickTime, could give the miscreant full control over a computer running the software, Apple said.
The problems lie in the way QuickTime handles a number of formats. The security updates repair problems in the way the software handles QuickTime, MIDI, 3GP, PICT and QTIF files, according to the Apple alert.
The fixed version of QuickTime is release 7.1.5. Along with the fixes, the latest version also includes some functionality improvements, Apple said. The update is available for download from Apple's Web site or through the Apple update feature, the company said.
Security researchers have increasingly been targeting applications such as QuickTime in recent months. With operating systems becoming more secure, widely used programs such as media players, instant-message tools and antivirus shields have become popular hacker targets, pundits have said.
Installed this update today on 3 boxes: No problems as of yet.
Works Fine, performance-wise.
Note: If you are a Quicktime Pro user, this upgrade requires a NEW purchase of Quicktime Pro -- no upgrade is available. This is a downside of about $30.
Pro users already using Quicktime 7 do not have to purchase a new registration. A new registration is only required if you are updating from Quicktime 6 or previous version. Apple has NEVER required new Pro licenses for minor updates of version releases.
Already using Quicktime Pro 7? No new license required.
Using an earlier version of Quicktime Pro and want to upgrade to Quicktime Pro 7? New license required as has always been the case. Nothing new here.
This is NOT a new pay for version. Unless you are still using 6.x. You will not need to purchase anything unless this was version 8.x, purchase is not requires on a point upgrade. Installs just fine over previous version 7.x.
First of all, I find it funny when anybody puts blind trust in any software or hardware vendor. MS fanboys and Apple fanboys included. Sorry no "spin" on this one, this is a High Severity Risk. But a patch is available so no need to run for the hills either. Truth of it is, if man can build it another man can tear it down. Simple as that. I must say I am always amazed at how rude and defensive Apple fans can be on the forums. I dont know how anybody can love either vendor that much. Only thing I can figure is MS and Apple PR employees go on all these boards to bicker back and forth.
Whats interesting is that all of the security holes are exploited through buffer overflows. Many of these overflows seem to be related to assumptions that the original programmers made about the type of data that they expected to see. Of course, going back and finding all of the buffer issues is a huge problem in such a large piece of code. However, buffer overruns have been an issue since day one and properly paranoid coding practices should have been in place for the past decade if not longer (I'm not targetting Apple - this is common in the entire industry because programmers are, for lack of a better term, lazy (I say this as a programmer)).
After all of the marketing hype and propaganda, THE MAC IS SUSCEPTIBLE! Now that Apple has a product that is popular enough, the hackers will go to work on it. QuickTime is only the first step. I guess the marketing group will have to rethink the advertising strategy.
Hackers have been trying since before OS X, and before OS X they were successful. These patches are designed to keep making it harder for a hacker to successfully attack the Mac. It's been working for six years and counting. How's your platform of choice doing?
Boy, what a bunch of rationalizing pantywaists these Applelites are. MS has been hammered - on this site and in these talk-backs - for years for its security holes and usually with a final pronouncement to ..'buy an Apple', closing the sermons. Well, lo and behold Mr. Jobs, the one with those back dated stock options, has been revealed as not being a god at all but rather an average human being.(Something we MS users have known all along). I loved the guy who said that code is written by humans and therefore will have mistakes in it. I don't ever recall such a rationalization coming from an Applelite concerning MS and its 'human' errors.
What a bunch of phonies you Applelites are. Always nice to see phonies have their balloons popped. Looks like you'll have to find some other product or cause to support your phony superiority.
If you truly took time to learn about the word, superiority in relation to operating system security you would understand when Apple's Unix Foundation is fundamentally more secure than the XP and even Vista core.
Sorry, but you again rant without knowledge.
No rationalization involved, just factual basics of how operating systems work.
And how do Steve jobs' stock option questions relate to security, exactly? Can you fill me in on that stretch?
The company, which makes biofuel and biochemicals company from a microbes, hits a production snag, another sign of how slowly the advanced biofuel industry is progressing.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
The space agency powers down its last System Z machine, years after IBM stopped selling them for the mathematical calculation jobs for which NASA originally bought them.
Mozilla plans to release a beta version this year for Microsoft's upcoming Windows interface. It'll be a lot of work, but Mozilla doesn't really have a choice.
Works Fine, performance-wise.
Note: If you are a Quicktime Pro user, this upgrade requires a NEW
purchase of Quicktime Pro -- no upgrade is available. This is a
downside of about $30.
Dante
new registration. A new registration is only required if you are
updating from Quicktime 6 or previous version. Apple has
NEVER required new Pro licenses for minor updates of version
releases.
Already using Quicktime Pro 7? No new license required.
Using an earlier version of Quicktime Pro and want to upgrade to
Quicktime Pro 7? New license required as has always been the
case. Nothing new here.
:-(
You will not need to purchase anything unless this was version 8.x,
purchase is not requires on a point upgrade. Installs just fine over
previous version 7.x.
... peace.
So how does CNet portray it? "APPLE PLUGS HOLES!"
Geez louise. It's time to grow up.
<a class="jive-link-external" href="http://docs.info.apple.com/article.html?artnum=305149" target="_newWindow">http://docs.info.apple.com/article.html?artnum=305149</a>
Sorry no "spin" on this one, this is a High Severity Risk.
But a patch is available so no need to run for the hills either.
Truth of it is, if man can build it another man can tear it down. Simple as that.
I must say I am always amazed at how rude and defensive Apple fans can be on the forums.
I dont know how anybody can love either vendor that much. Only thing I can figure is MS and Apple PR employees go on all these boards to bicker back and forth.
through buffer overflows. Many of these overflows seem to be
related to assumptions that the original programmers made
about the type of data that they expected to see. Of course,
going back and finding all of the buffer issues is a huge problem
in such a large piece of code. However, buffer overruns have
been an issue since day one and properly paranoid coding
practices should have been in place for the past decade if not
longer (I'm not targetting Apple - this is common in the entire
industry because programmers are, for lack of a better term,
lazy (I say this as a programmer)).
I guess the marketing group will have to rethink the advertising strategy.
were successful. These patches are designed to keep making it
harder for a hacker to successfully attack the Mac. It's been
working for six years and counting. How's your platform of choice
doing?
What a bunch of phonies you Applelites are. Always nice to see phonies have their balloons popped. Looks like you'll have to find some other product or cause to support your phony superiority.
Go jump in a lake.
relation to operating system security you would understand
when Apple's Unix Foundation is fundamentally more secure
than the XP and even Vista core.
Sorry, but you again rant without knowledge.
No rationalization involved, just factual basics of how operating
systems work.
And how do Steve jobs' stock option questions relate to security,
exactly? Can you fill me in on that stretch?