Apple Patches QuickTime Holes

Apple on Monday issued security patches to plug multiple security holes in its QuickTime media player software. The new version of the player -- QuickTime 7.1.5 -- fixes at least eight separate and serious vulnerabilities.

Updates are available for Mac OS X, Windows 2000, Windows XP and Windows Vista versions. Mac users can get the latest version either from Apple's site or via the built-in Software Update feature. Windows users with recent versions of QuickTime installed will already have Apple's Software Update program and should use that to get this latest version. Alternatively, Windows users can download it by following this link.

By Brian Krebs  |  March 6, 2007; 10:37 AM ET
Categories:  Latest Warnings , New Patches , Safety Tips  

Comments

This will be cool with my new iPod...have you guys gotten one yet? They are so small and cute. I've lost mine 5 times today already...have to go to Best Buy at lunch today to get another one...ooops nevermind, here it is!

Rock ON!

Posted by: Pedro | March 6, 2007 12:06 PM | Report abuse

I cannot download Quicktime 7.1.5 manually, and cannot determine the cause.
My system is Windows XP, SP2; browser is Firefox with NoScript installed.
Anyone else encounter this problem? Ideas?
Thanks, Sarah

Posted by: Sarah | March 6, 2007 12:25 PM | Report abuse

I hope this fixes some of the problems I have been having with my iPod and WinXP. If not, I can always switch to a windows MP3 player, or just upgrade my PDA. For some reason I just don't like Apple. It seems too "kiddy" to me.

Posted by: Joey Bee | March 6, 2007 12:43 PM | Report abuse

Fair warning for those who use Standalone QuickTime, if you go to the Apple site to get the new version, you'll be told it is 7.1.5, but when it's downloaded and installed, you'll find out the version is 7.1.3.100.

http://www.apple.com/au/quicktime/download/standalone.html

Posted by: Gin | March 6, 2007 1:01 PM | Report abuse

classic "PC" quote, "To, kiddy for me." hahahah, living up to the stereotype.

Posted by: badger | March 6, 2007 1:04 PM | Report abuse

Krebster, when are you going to come out to apologize for your "Hijack" story. Maynor is now releasing at the information and it's clear you were had: the MacBook you saw didn't have the same airport driver.

Posted by: Charlie | March 6, 2007 1:04 PM | Report abuse

Hat tip to Gin. I successfully downloaded and installed Standalone Quicktime from the address Gin posted. I got version 7.1.5.120.
Hat tip to Mr. Krebs for recommending Secunia's Software Inspector, which alerted me to the new Quicktime version, because the auto-update function of 7.1.3 did not work.
Thanks, Sarah

Posted by: Sarah | March 6, 2007 1:44 PM | Report abuse

It's so hilarious that this would come about at the same time as Apple's ridiculous and misleading "PC's have security problems" ads on television.

Posted by: Gunther | March 6, 2007 2:04 PM | Report abuse

The Quicktime update is mostly for PC SECURITY ISSUES. Not OSX. Bender.

Posted by: Todd | March 6, 2007 3:29 PM | Report abuse

Everything updated fine here. Never had any issues at all. Cheers Apple and keep up the great work!

Posted by: Jay | March 6, 2007 3:32 PM | Report abuse

ALL commercial & free OS's have security issues. MS, Apple, Solaris, Linux, etc. The more widely used by businesses and consumers the quicker the holes are exploited. That is why MS and Apple get the most negative press. Although MS does have one of the worst track records security-wise. Even Vista leaves a lot to be desired on security side. OSX is just an off shoot of BSD. Yes even BSD has security holes at times. BSD's track record beats any MS OS hands down.

Posted by: rv | March 6, 2007 3:39 PM | Report abuse

MS is the king of releasing half-baked software. Yes, they are the biggest so they are scrutinized more, but their size should translate into an army of the most talented people that are able to write the most secure software.

Posted by: John | March 6, 2007 3:46 PM | Report abuse

Err, the very first link in this article points to your webmail. I think you should remove the "https://webmail.wpni.com/exchweb/bin/redir.asp?" part of that URL. ;)

Posted by: thingy | March 6, 2007 5:26 PM | Report abuse

Hey! I know! Let's fight over whether Macs or PCs are better! Nobody's EVER done that before! And whoever shouts loudest wins!

Posted by: Adam | March 6, 2007 6:22 PM | Report abuse

Caps lock is cruise control for cool.

Posted by: jw | March 6, 2007 9:01 PM | Report abuse

Adam: AWESOME QUOTE!!!

Glad to see everyone is fixing the security holes for all OS's

:)

Posted by: Derek | March 6, 2007 11:04 PM | Report abuse

FYI --- your posted link isn't a patch, it's an install of iTunes and QuickTime, see below --- do you know if the actual installation allows users to opt out of iTunes?

"QuickTime 7.1.5 with iTunes
for Windows 2000/XP "

Posted by: Charles | March 7, 2007 12:22 AM | Report abuse

Just a recommendation: let's stick to topic. The "security holes" for both Mac OSX and Windows versions of Quicktime that were amended with release 7.1.5 are largely to rein in the exploitations of scripting in movie files. The "security risk" is that some malicious script in a .mov file might cause a memory overrun and cause Quicktime to crash. That's not a big security risk, it's a stability issue, and Apple has solved it. Anyone here posting about how secure or insecure they perceive an operating system to be, how much you love your iPod, or other irrelevant crap, please find something useful to do with your spare time.

Posted by: rouleaux | March 7, 2007 12:35 PM | Report abuse

Sarah, I've got the same problem, only with IE6 (IE7 doesn't play well with dial-up systems). Anybody got any ideas for a workaround?

Posted by: Roger Blair | March 7, 2007 7:41 PM | Report abuse

@rouleaux:
>>The "security risk" is that some malicious script in a .mov file might cause a memory overrun and cause Quicktime to crash.

To be more accurate: the security risk in Quicktime is that some malicious script in a .mov file *will* run in the browser's least-secured security zones, and *could* do something even more malicious than described here:
http://blog.spywareguide.com/2006/12/myspace_phish_attack_leads_use.html

And, there's no config option to disable scripting in the HREF function.

Posted by: Mark Odell | March 8, 2007 1:47 PM | Report abuse

"Windows users with recent versions of QuickTime installed will already have Apple's Software Update program and should use that to get this latest version."

But that, of course, tells me my version is up to date.

Posted by: Anonymous | March 8, 2007 8:16 PM | Report abuse

The Apple Software Update (for Windows) is a piece of $#!*.

At first, I thought they had improved it. After reading Brian's blog post I ran Software Update and it downloaded and installed the QuickTime update. Well done, Apple, I thought.

But now, less than 24 hours later, Software Update has automatically run another check and popped open a window telling me it's time to get some updated software: "iTunes + QuickTime" (written on a single line, so that you cannot select just QuickTime). Great, except that I don't HAVE iTunes installed in the first place, and I don't want it. Moreover, there's nothing there to tell me if I'll be missing out on an actual QuickTime update by refusing this download.

Apple's Software Update should be a simple mechanism for keeping users' installed Apple software up-to-date and secure, but it instead gives the impression that its real purpose is to get iTunes on more people's computers. What a terrible way to handle security updates.

Posted by: t_joe | March 9, 2007 1:05 AM | Report abuse

The comments to this entry are closed.

 
 
© 2010 The Washington Post Company