March 5, 2007 2:47 PM PST

Apple plugs eight QuickTime holes

Apple on Monday released updates to its QuickTime media player software to repair eight serious security vulnerabilities.

The vulnerabilities expose both Macs and Windows PCs to cyberattack, Apple said in a security alert. In all cases, an attacker could craft a malicious file which, when opened with QuickTime, could give the miscreant full control over a computer running the software, Apple said.

The problems lie in the way QuickTime handles a number of formats. The security updates repair problems in the way the software handles QuickTime, MIDI, 3GP, PICT and QTIF files, according to the Apple alert.

The fixed version of QuickTime is release 7.1.5. Along with the fixes, the latest version also includes some functionality improvements, Apple said. The update is available for download from Apple's Web site or through the Apple update feature, the company said.

Apple regularly issues patches for QuickTime. In January, the Mac maker put out a fix for a zero-day flaw that was released as part of the " Month of the Apple Bugs" project.

Security researchers have increasingly been targeting applications such as QuickTime in recent months. With operating systems becoming more secure, widely used programs such as media players, instant-message tools and antivirus shields have become popular hacker targets, pundits have said.

See more CNET content tagged:
Apple QuickTime, Apple Computer, media player, security, antivirus

20 comments

Join the conversation!
Add your comment
Update Works Fine
Installed this update today on 3 boxes: No problems as of yet.

Works Fine, performance-wise.

Note: If you are a Quicktime Pro user, this upgrade requires a NEW
purchase of Quicktime Pro -- no upgrade is available. This is a
downside of about $30.

Dante
Posted by dansterpower (2511 comments )
Reply Link Flag
Does NOT require new Pro registration.
Pro users already using Quicktime 7 do not have to purchase a
new registration. A new registration is only required if you are
updating from Quicktime 6 or previous version. Apple has
NEVER required new Pro licenses for minor updates of version
releases.

Already using Quicktime Pro 7? No new license required.

Using an earlier version of Quicktime Pro and want to upgrade to
Quicktime Pro 7? New license required as has always been the
case. Nothing new here.
Posted by lkrupp (1608 comments )
Link Flag
My 7.1.3 Tells me that "there are no updates available."
Update Existing player did not find Quicktime's 7.1.5 update. I had to reinstall from Apple's Site.

:-(
Posted by Tergon (74 comments )
Link Flag
Purchase _not_ required.
This is NOT a new pay for version. Unless you are still using 6.x.
You will not need to purchase anything unless this was version 8.x,
purchase is not requires on a point upgrade. Installs just fine over
previous version 7.x.

... peace.
Posted by catstartk (20 comments )
Reply Link Flag
Spin it, CNet, spin it - page views are at stake!
It's a minor update of QT, to go along with the update to iTunes. It also includes some incidental fixes.

So how does CNet portray it? "APPLE PLUGS HOLES!"

Geez louise. It's time to grow up.
Posted by M C (598 comments )
Reply Link Flag
No spin, just facts
Read what Apple say;

<a class="jive-link-external" href="http://docs.info.apple.com/article.html?artnum=305149" target="_newWindow">http://docs.info.apple.com/article.html?artnum=305149</a>
Posted by Siegfried Schtauffen (269 comments )
Link Flag
Apple Fans quick rally in defense
First of all, I find it funny when anybody puts blind trust in any software or hardware vendor. MS fanboys and Apple fanboys included.
Sorry no "spin" on this one, this is a High Severity Risk.
But a patch is available so no need to run for the hills either.
Truth of it is, if man can build it another man can tear it down. Simple as that.
I must say I am always amazed at how rude and defensive Apple fans can be on the forums.
I dont know how anybody can love either vendor that much. Only thing I can figure is MS and Apple PR employees go on all these boards to bicker back and forth.
Posted by raycoast (1 comment )
Link Flag
Overflows
Whats interesting is that all of the security holes are exploited
through buffer overflows. Many of these overflows seem to be
related to assumptions that the original programmers made
about the type of data that they expected to see. Of course,
going back and finding all of the buffer issues is a huge problem
in such a large piece of code. However, buffer overruns have
been an issue since day one and properly paranoid coding
practices should have been in place for the past decade if not
longer (I'm not targetting Apple - this is common in the entire
industry because programmers are, for lack of a better term,
lazy (I say this as a programmer)).
Posted by rapier1 (2722 comments )
Reply Link Flag
U mean the Mac is susceptible?
After all of the marketing hype and propaganda, THE MAC IS SUSCEPTIBLE! Now that Apple has a product that is popular enough, the hackers will go to work on it. QuickTime is only the first step.
I guess the marketing group will have to rethink the advertising strategy.
Posted by coachgeorge (233 comments )
Reply Link Flag
Theoretically, yes.
Hackers have been trying since before OS X, and before OS X they
were successful. These patches are designed to keep making it
harder for a hacker to successfully attack the Mac. It's been
working for six years and counting. How's your platform of choice
doing?
Posted by Macsaresafer (802 comments )
Link Flag
The Applelites take a bite of reality
Boy, what a bunch of rationalizing pantywaists these Applelites are. MS has been hammered - on this site and in these talk-backs - for years for its security holes and usually with a final pronouncement to ..'buy an Apple', closing the sermons. Well, lo and behold Mr. Jobs, the one with those back dated stock options, has been revealed as not being a god at all but rather an average human being.(Something we MS users have known all along). I loved the guy who said that code is written by humans and therefore will have mistakes in it. I don't ever recall such a rationalization coming from an Applelite concerning MS and its 'human' errors.

What a bunch of phonies you Applelites are. Always nice to see phonies have their balloons popped. Looks like you'll have to find some other product or cause to support your phony superiority.
Posted by Lenter101 (60 comments )
Reply Link Flag
Go jump in a lake
I am so tired of whining windows fanboys.

Go jump in a lake.
Posted by dansterpower (2511 comments )
Link Flag
And you obviously have not investigated the issue
If you truly took time to learn about the word, superiority in
relation to operating system security you would understand
when Apple's Unix Foundation is fundamentally more secure
than the XP and even Vista core.

Sorry, but you again rant without knowledge.

No rationalization involved, just factual basics of how operating
systems work.

And how do Steve jobs' stock option questions relate to security,
exactly? Can you fill me in on that stretch?
Posted by dansterpower (2511 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.