QuickTime Security Update Taxes Some Mac Users
Some computer users running Apple Mac OS X are having a bit of a taxing time with the TurboTax software after installing a recent security update for Apple's QuickTime media player. The QuickTime update, released last week, effectively prevents a number of programs from launching.
The problem appears to be limited to users of Mac OS X 10.3.9 and earlier versions, but the interference caused by the QuickTime update is not limited to TurboTax. The update is reportedly causing problems with games such as World of Warcraft, Age of Empires III, Full Tilt Poker and Snake, according to numerous threads at the online user forums of both Apple and TurboTax.
It looks like TurboTax parent Intuit plans to release an update on Monday to try and work around Apple's patch. The company even posted a link where users can leave their contact information to be alerted when a fix is available.
For many users, that response stood in contrast to Apple's, which -- now a week after this "QuickTax" problem was first highlighted -- so far has been non-existent. Michael Molton, a software engineer from Virginia Beach, Va., was less than impressed: "COME ON APPLE," he wrote in a post last Wednesday on Apple's user forum. "You introduced this bug about 48 hours ago, there is zero excuse for not having a fix or at the VERY least some announcement that a fix is coming." A user going by the name MacPatty writes: "Is anyone at Apple actually working on this problem or we all just talking to each other here. Does Apple know that they created a big problem for us?"
Apple's silence on security-related problems facing its rapidly expanding user base has been lagging a bit lately. More than four months ago, a computer worm that leveraged a design flaw in QuickTime spread rapidly to users of the social networking site MySpace.com, stealing passwords from more than 100,000 users. The company responded by quietly issuing a patch designed just for MySpace users, which MySpace admins rolled out in a rather clumsy and insecure way. But Apple largely refused to talk to reporters about the whole incident, and it has yet to issue an advisory to let QuickTime users know whether they should be at all concerned about it, and if so what they can do to minimize their chances of being the next victim.
OK, so maybe the largest share of QuickTime users are running Microsoft Windows, and the MySpace worm didn't appear to do much more than steal MySpace logins. Still, this is an attack that could be replicated on other sites, with more serious consequences affecting both Mac and Apple users.
A question for Apple: Could you create a simple blog that offers suggestions or workarounds for high-profile problems affecting your customers, or at least assure users that you have heard their concerns and are investigating the problem?
By Brian Krebs |
March 12, 2007; 12:21 PM ET
Latest Warnings
Previous: Online Anti-Virus Scans: A Free Second Opinion |
Next: Apple Releases a Bushel of Software Patches
Posted by: Kim | March 12, 2007 11:55 AM
Regarding the MySpace thing:
http://docs.info.apple.com/article.html?artnum=305149
CVE-2006-4965, CVE-2007-0059
Posted by: QuickTimer | March 12, 2007 12:18 PM
It has been said in various online blogs and forums, Apple has a long way to go and a lot to learn yet. Right now, they are where Microsoft used to be about five/six years ago.
Apple had better wake up and start becoming more transparent in addressing these types of issues. Currently, they seem to have their head buried in the sand!
Posted by: TJ | March 12, 2007 12:20 PM
BTW. The blog post times are off by an hour! DST issue?
Posted by: TJ | March 12, 2007 12:35 PM
I've been a Mac user almost since they first came out in the 1980s, but I have to say that Apple's customer service--not just on security issues, but in all areas--has been abysmal the last few years. That they are generally better than their competitors' efforts is no excuse--Apple market themselves as customer-friendly, and need to live up to that.
On Apple's difficult-to-use online forums, there is rarely any indication that Apple is reading the comments at all. I haven't had many problems with my Apple products, but the four or five times I have, I've never gotten a solution from the forums (even though other people have had the same problems.)
A notable exception is the Apple Stores--customer service, including technical support, is excellent there in my experience. Unfortunately for me, the nearest Apple Store is 200 miles away.
Posted by: Mac Fan | March 12, 2007 1:25 PM
@ Kim
"But, but, but, I thought Macs were the perfect machine with the perfect OS that is impervious to any badness out there."
That is what is known as a straw man.
"Maybe this will get the Mac folks to be a little more vigilant and responsive to the internet baddies. The latest Quicktime update hosed the Firefox plugin until the latest Firefox update."
Murky logic here. An Apple security update caused problems for legitimate programs, and this is supposed to "get Mac folks more vigilant and responsive to the internet baddies"? No, I think the article's call for Apple to be more transparent is really the issue.
Posted by: Thor | March 12, 2007 1:38 PM
Brian,
I agree with your call for greater transparancy here, since it calls for Apple to give more details about bugs introduced by an Apple software update. There are good reasons to not comment about security holes, however.
Please, please, please, however, do not hold up Intuit as a paragon of customer responsiveness, especially as it pertains to Mac users and Quicken. Intuit just soaks as much money as possible, coming out with new versions every year while disabling functionality of older versions. In the meantime, they do not keep feature parity with the Windows version of Quicken.
I can confirm that there does not seem to be a problem with Turbo Tax for those running the most recent Mac OS version (Tiger). It's running just fine for me.
Posted by: Thor | March 12, 2007 1:51 PM
They are too busy making cute commercials advertising their vast superiority over all other operating systems to bother with such issues. :P
Apple has always been this way, secretive and isolated. Transparency is not their forte but at least they can stop the smug commercials and accept the fact that they too are vulnerable.
Posted by: Bobby | March 12, 2007 3:11 PM
Knew some of the Zealots would find this.
Thor, Apple and some of their users, need to get off their high horse when it comes to security.
I was referring to the many users out there who believe that Big Brother (how ironic is that?) will protect them.
Instead of trying to pick apart my individual words, try to find the overall meaning. It was a lazy update from Apple, they need to have more robust solutions. I think we're on the same page....or at least the same chapter.
Posted by: Kim | March 12, 2007 3:11 PM
@ Kim
I think the overall meaning is clear, and the snide zealot comment in your follow-up makes it perfectly obvious.
If you truly believe that Mac users think that Apple can do no wrong, then you really don't know Mac users. Just check out any Mac user fan site to see the vigorous criticism and debate that surrounds practically every move by Apple. Mac fans are Apple's harshest critics by far, which is only natural because they care a lot more about details of the Mac OS, small and large. This story is based on comments from Mac users in Apple's and Intuit's forums after all.
This wasn't the first software update that has caused people problems, and it won't be the last. Perhaps less consequential but more amusing the recent story (March 9th) about Microsoft's Virtual PC2007 software wrongly identifying old versions of Windows as hositle operating systems and disabling them. The link probably won't work but see the article entitled "Friendly fire mixup" in theregister.co.uk.
http://www.theregister.co.uk/2007/03/09/friendly_fire_virtual_pc/
I fully understand that Mac fans can be annoying in Mac versus Windows debates (so can those who blindly hate Macs for that matter), but the idea that Mac users -- as a class -- think the Mac OS is invulernable or perfect is hooey.
Posted by: Thor | March 12, 2007 4:14 PM
You don't have to put up with Intuit. Switch to TaxCut.
Posted by: RL | March 12, 2007 7:20 PM
You're in trouble when your video program needs a security patch. What's that all about?!?
Posted by: bluemark | March 13, 2007 10:24 AM
Intuit programmers took the easy route rather than follow the rules Apple provides. That's why Apple didn't offer to patch the correctly written iTunes update but left Intuit to correct their mistake.
Posted by: robert Gray | March 13, 2007 4:57 PM
Two thoughts: There are a number of comments here that talk about Apple needing to wake up to security. The fact that they ditched their old OS completely and moved to a tried and true, security proven kernel in BSD for their current OS demonstrates that commitment. I have used a Mac of some kind or another since 1995 and have never seen a virus or had any security problem on my machine. Not once in 12 years. Now having said that, I have problems in a big way with Apple's transparency on their updates, particularly in the way they work with application developers. The OS-X 10.4.7 update completely broke my VPN client and both the company that makes the client (Apani) and I tried working with Apple to get them to fix the problems the update caused and got nowhere. They said that they had not gotten enough complaints to justify allocating resources to address the problem. Very frustrating and very disappointing.
Posted by: Shieldzee | March 14, 2007 10:41 AM
The comments to this entry are closed.
But, but, but, I thought Macs were the perfect machine with the perfect OS that is impervious to any badness out there.
Maybe this will get the Mac folks to be a little more vigilant and responsive to the internet baddies. The latest Quicktime update hosed the Firefox plugin until the latest Firefox update.