Apple Patches QuickTime Security Hole

Apple today issued a software update to plug a security hole in its QuickTime media player software. The flaw is present in both Mac OS X and Windows versions of the player.

Mac users can get the fix through Apple's site or via the built-in Software Update feature. Windows users can download the installer for the new version, or -- if they have a recent version of iTunes or QuickTime installed -- use the bundled Apple Software Update application.

Security researcher Dino Dai Zovi discovered the security hole last month at the CanSecWest security conference in Vancouver, B.C., in response to a challenge wherein attendees were invited to find a previously undocumented way to break into a fully patched MacBook computer over a network. Dai Zovi discovered the flaw after conference organizers relaxed the rules a bit and a $10,000 prize was added to the mix.

Initially, the bug that Dai Zovi found was thought to be a security weakness in Safari, the default Web browser on the Mac. However, later research showed that the problem was with a Java component in QuickTime that could be exploited to break into vulnerable machines just by convincing a Mac user to visit a malicious Web site.

Apple also issued a pair of non-security updates today. A company spokesman said those fixes are designed to mend compatibility problems introduced in its last round of patches in April.

Update: 10:44 a.m. ET, May 2: A previous version of this entry incorrectly stated that Dai Zovi works for Matasano Security. He is no longer with the company. The above post has been changed.

By Brian Krebs  |  May 1, 2007; 5:22 PM ET
Categories: Latest Warnings, New Patches, Safety Tips

Comments

Apple sux.

I see MSFT's Ads coming against Apple

Posted by: Alam | May 2, 2007 1:54 AM

Anybody else have a problem with QuickTime not auto-updating? I have it set to auto-update but it never does anything unless I check manually.

Posted by: D | May 2, 2007 10:30 AM

RE: Apple sux.

I see MSFT's Ads coming against Apple

One wonders if you've ever used a Mac or OS X. I'm no fan boy of Apple but I have used Macs since 1986, and have never believed OS X was impervious to malware or any of the other cr@p I put up with on my PC. I only use it so I can log on to the network at work since our IT guys are too lazy to set it up so my Mac can co-exist (at home they both play rather well together on my LAN). I wouldn't trade my Macs for a PC, unless you paid enough for me to keep a staff of 4 IT guys on full time, a massage therapist and a team of shrinks for round the clock support. :p

Posted by: John | May 2, 2007 12:49 PM

Do Windows users with Apple Software Update still have to manually download QT 7.1.6 from Apple's website? Two Windows machines (XP SP2) did not detect a new version of QT using Apple Software Update where the current version of QT is 7.1.5.

Posted by: Anonymous | May 2, 2007 1:31 PM

It seems that all the Mac OS X bugs reported here are hypothetical and discovered by people looking for vulnerabilities whereas in the Windows world real users are frequently hurt by viruses, trojans, worms, etc.

Posted by: garyg | May 2, 2007 2:54 PM

Another reason not to use QuickTime! Oh, wait, I'm using Windows, never mind! Oh, it affects Mac OS X too? Sigh!

Fanboy: is a term used to describe an individual who is utterly devoted to a single fannish subject, or to a single point of view within that subject, often to the point where it is considered an obsession. Fanboys remain loyal to their particular obsession, disregarding any factors that differ from their point of view. Fanboys are also stereotypically aggressive and hateful towards the opposing brand or competition of their obsession regardless of its merits or achievements.

Brian, they come out at EVERY Apple post! Even SANS!!!!!!

http://isc.sans.org/diary.html?storyid=2723

Geez! Get a life!

Posted by: TJ | May 2, 2007 7:03 PM

Seems all the publicity by Mr. Jobs & his friends in the Mainstream Liberal Press has backfired and now MAC has become as vulnerable as any OS to malicious code writers. They must be bored seeing as it is so much harder now to attack Windows machines.

Thanks!

Posted by: Master Guru | May 2, 2007 7:11 PM

Nice turnaround on the patch. At least we didn't have to wait till the second Tuesday of the month.

Posted by: hemphill81 | May 3, 2007 10:57 AM

I don't need to be a Mac fanatic to appreciate using a machine that doesn't get viruses, trojans, worms, etc.

I don't want to have to worry about constantly updating security. I don't have virus software on my Mac. What's the point? I've had a Mac for 10 years, and have NEVER had one single issue with bug, spyware, etc.

IT JUST WORKS. EVERY TIME.

Keep your PCs... and the headaches.

Posted by: Apple a Day | May 5, 2007 1:46 PM


© 2010 The Washington Post Company