January 10, 2006 5:37 PM PST

QuickTime bugs open door to attack

While fans checked out the latest and greatest at Macworld on Tuesday, Apple Computer sent out a warning about serious security flaws in QuickTime.

The vulnerabilities in the media player put computers running Windows and Mac OS X at risk of being commandeered by an outsider, Apple said on its Web site. An attacker could exploit the flaws by tricking the user into opening a malicious file, the Cupertino, Calif.-based company said.

Apple released QuickTime 7.0.4 to address the vulnerabilities. The French Security Incident Response Team, a commercial security monitoring and research outfit, described the problems as "critical," its highest risk rating.

The Tuesday alert follows an October security update for the same software. Security experts have warned of unpatched flaws in QuickTime as well as iTunes software. Apple typically does not comment on unpatched flaws.

Media player flaws are nothing new. Cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications, the SANS Institute said recently.

Add a Comment (Log in or register) 10 comments
fixed.
by January 10, 2006 6:25 PM PST
...already fixed...as indicated by the article.
Reply to this comment
Fire your headline people...
by M C January 10, 2006 6:28 PM PST
It should be, "Apple issues QuickTime update."

(But that wouldn't attract as many clicks, would it?)
Reply to this comment View all 2 replies
Really?
by Terry Murphy January 11, 2006 3:01 AM PST
"However, the flaws open a door to attacks until you actually
have downloaded and installed the updates. That's why I don't
think the headline is misleading."

Perhaps you should explain your reasoning to the authors of the
following Cnet headlines:

"Fixes in for Windows, Microsoft e-mail flaws"

"PostgreSQL issues 'critical' security fix"

"Microsoft: 'Patch Tuesday' updates on the way"

"Microsoft rushes out Windows patch"

"Microsoft pushes out Windows patch ahead of time"

etc., etc., etc.
Reply to this comment View reply
Powered by Jive Software
advertisement

Latest tech news headlines

RSS Feeds

Add headlines from CNET News.com to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right