While fans checked out the latest and greatest at Macworld on Tuesday, Apple Computer sent out a warning about serious security flaws in QuickTime.
The vulnerabilities in the media player put computers running Windows and Mac OS X at risk of being commandeered by an outsider, Apple said on its Web site. An attacker could exploit the flaws by tricking the user into opening a malicious file, the Cupertino, Calif.-based company said.
Apple released QuickTime 7.0.4 to address the vulnerabilities. The French Security Incident Response Team, a commercial security monitoring and research outfit, described the problems as "critical," its highest risk rating.
Media player flaws are nothing new. Cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications, the SANS Institute said recently.
When I get an update about Quicktime, I will upgrade. But am I supposed to be a sleuth ? M$, Symantec & others manage to tell me when there's a critical patch waiting - why can't APPLE ?
Yes, Apple has an update to QuickTime available that fixes these flaws, the story mentions this clearly. However, the flaws open a door to attacks until you actually have downloaded and installed the updates. That's why I don't think the headline is misleading.
"However, the flaws open a door to attacks until you actually have downloaded and installed the updates. That's why I don't think the headline is misleading."
Perhaps you should explain your reasoning to the authors of the following Cnet headlines:
"Fixes in for Windows, Microsoft e-mail flaws"
"PostgreSQL issues 'critical' security fix"
"Microsoft: 'Patch Tuesday' updates on the way"
"Microsoft rushes out Windows patch"
"Microsoft pushes out Windows patch ahead of time"
...but I am sure it was a honest mistake. But I fail to see the problem. Microsoft is constantly attacked for problems in pre XP SP2 conputers, and for virus/trojons that infect unpatched computers. As the Apple and Linux fanboys say all the time, you should write the code correct the first time. As a software developer I can tell you that it is easier said than done, especially when you have to support hardware that you do not control.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
(But that wouldn't attract as many clicks, would it?)
Joris Evers
CNET News.com
have downloaded and installed the updates. That's why I don't
think the headline is misleading."
Perhaps you should explain your reasoning to the authors of the
following Cnet headlines:
"Fixes in for Windows, Microsoft e-mail flaws"
"PostgreSQL issues 'critical' security fix"
"Microsoft: 'Patch Tuesday' updates on the way"
"Microsoft rushes out Windows patch"
"Microsoft pushes out Windows patch ahead of time"
etc., etc., etc.
"More WMF problems for Microsoft"
...but I am sure it was a honest mistake. But I fail to see the problem. Microsoft is constantly attacked for problems in pre XP SP2 conputers, and for virus/trojons that infect unpatched computers. As the Apple and Linux fanboys say all the time, you should write the code correct the first time. As a software developer I can tell you that it is easier said than done, especially when you have to support hardware that you do not control.