January 10, 2006 5:37 PM PST

QuickTime bugs open door to attack

While fans checked out the latest and greatest at Macworld on Tuesday, Apple Computer sent out a warning about serious security flaws in QuickTime.

The vulnerabilities in the media player put computers running Windows and Mac OS X at risk of being commandeered by an outsider, Apple said on its Web site. An attacker could exploit the flaws by tricking the user into opening a malicious file, the Cupertino, Calif.-based company said.

Apple released QuickTime 7.0.4 to address the vulnerabilities. The French Security Incident Response Team, a commercial security monitoring and research outfit, described the problems as "critical," its highest risk rating.

The Tuesday alert follows an October security update for the same software. Security experts have warned of unpatched flaws in QuickTime as well as iTunes software. Apple typically does not comment on unpatched flaws.

Media player flaws are nothing new. Cybercriminals are shifting their attacks from operating systems such as Windows to media players and other applications, the SANS Institute said recently.

10 comments

Join the conversation!
Add your comment (Log in or register)
fixed.
...already fixed...as indicated by the article.
Posted by (96 comments )
Reply Link Flag
Fire your headline people...
It should be, "Apple issues QuickTime update."

(But that wouldn't attract as many clicks, would it?)
Posted by M C (571 comments )
Reply Link Flag
Issues to who ?
When I get an update about Quicktime, I will upgrade. But am I supposed to be a sleuth ? M$, Symantec & others manage to tell me when there's a critical patch waiting - why can't APPLE ?
Posted by (409 comments )
Link Flag
Attack possible, until you update
Yes, Apple has an update to QuickTime available that fixes these flaws, the story mentions this clearly. However, the flaws open a door to attacks until you actually have downloaded and installed the updates. That's why I don't think the headline is misleading.

Joris Evers
CNET News.com
Posted by JorisEvers (48 comments )
Link Flag
Really?
"However, the flaws open a door to attacks until you actually
have downloaded and installed the updates. That's why I don't
think the headline is misleading."

Perhaps you should explain your reasoning to the authors of the
following Cnet headlines:

"Fixes in for Windows, Microsoft e-mail flaws"

"PostgreSQL issues 'critical' security fix"

"Microsoft: 'Patch Tuesday' updates on the way"

"Microsoft rushes out Windows patch"

"Microsoft pushes out Windows patch ahead of time"

etc., etc., etc.
Posted by Terry Murphy (83 comments )
Reply Link Flag
Equality
Oddly you forgot...

"More WMF problems for Microsoft"

...but I am sure it was a honest mistake. But I fail to see the problem. Microsoft is constantly attacked for problems in pre XP SP2 conputers, and for virus/trojons that infect unpatched computers. As the Apple and Linux fanboys say all the time, you should write the code correct the first time. As a software developer I can tell you that it is easier said than done, especially when you have to support hardware that you do not control.
Posted by Andrew J Glina (1673 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

Inside CNET News

1-2 of 12

Scroll Left Scroll Right

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

Markets

Market news, charts, SEC filings, and more

Related quotes

Apple (0.00%) 0.00 493.42
Dow Jones Industrials (0.00%) 0.00 12,801.23
S&P 500 (0.00%) 0.00 1,342.64
NASDAQ (0.00%) 0.00 2,903.88
CNET TECH (0.00%) 0.00 2,032.01
  Symbol Lookup