recent posts

Social Networking Accounts Prized By Cybercrooks
RedBox Warns of Credit Card Skimmers
Opera Updates and a Black Tuesday Preview
Beware Targeted Data-Stealing Tax Scam
Consumers Report $239 Million Lost To Cyber Fraud In '07

Stories by Category

Stories By Date

related links

The Archives
Security Fix Live: Web Chats
About This Blog
Password Primer
7 Security Tips
Technology Section

syndicate

About This Blog   |   Archives   |   RSS Feeds RSS Feed   (What's RSS?)

New QuickTime Version Plugs 7 Security Holes

Apple on Monday released another iteration of its QuickTime media player that fixes at least seven security vulnerabilities in previous versions of the software. The flaws are present in earlier versions of QuickTime for Mac, Windows XP and Windows Vista.

Six out of seven of the security holes fixed by the new QuickTime version -- 7.3 -- are the kind that attackers or nasty Web sites could use to install unwanted software just by convincing a QuickTime user to view a specially crafted image or movie file.

Mac users can grab the latest QuickTime updates through the built-in Software Update feature. Windows users should be able to fetch the patched version via the Apple Software Update program that comes bundled with iTunes and QuickTime. For Windows users who don't have iTunes installed and don't want it, this link should work for a QuickTime standalone installer.

By Brian Krebs |  November 5, 2007; 5:40 PM ET New Patches
Previous: Deconstructing the Fake FTC E-mail Virus Attack | Next: Salesforce.com Acknowledges Data Loss

Comments

Please email us to report offensive comments.



Get ready to delete icons you don't want!!!

Posted by: josef | November 5, 2007 7:23 PM

Get ready to delete icons you don't want!!!

Posted by: josef | November 5, 2007 7:46 PM

More icons to delete. Get off the desktop, QuickTime! Do not even think about putting yourself in my QuickLaunch. QuickTime, bad dog!!

Posted by: Josef | November 5, 2007 8:03 PM

More icons to delete. Get off the desktop, QuickTime! Do not even think about putting yourself in my QuickLaunch. QuickTime, bad dog!!

Posted by: Josef | November 5, 2007 8:24 PM

More icons to delete. Get off the desktop, QuickTime! Do not even think about putting yourself in my QuickLaunch. QuickTime, bad dog!!

Posted by: Josef | November 5, 2007 8:59 PM

Late on Nov 5 EST, I tried the link you provided for the standalone installer, which claims to serve Version 7.3, but it actually served me a copy of the long outdated Version 7.1.3.

The following somewhat similar page proved to serve 7.3, which I installed without difficulty:

http://www.apple.com/au/quicktime/download/

Posted by: Ted Molczan | November 6, 2007 12:00 AM

Late on Nov 5 EST, I tried the link you provided for the standalone installer, which claims to serve Version 7.3, but it actually served me a copy of the long outdated Version 7.1.3.

The following somewhat similar page proved to serve 7.3, which I installed without difficulty:

http://www.apple.com/au/quicktime/download/

Posted by: Ted Molczan | November 6, 2007 12:01 AM

Late on Nov 5 EST, I tried the link you provided for the standalone installer, which claims to serve Version 7.3, but it actually served me a copy of the long outdated Version 7.1.3.

The following somewhat similar page proved to serve 7.3, which I installed without difficulty:

http://www.apple.com/au/quicktime/download/

Posted by: Ted Molczan | November 6, 2007 12:01 AM

More security issues with QuickTime? What a surprise, personally I use either Media Player Classic or VLC for watching movie content, so far as I know, they're pretty much secure.

db

Posted by: David Bradley | November 6, 2007 3:10 AM

More security issues with QuickTime? What a surprise, personally I use either Media Player Classic or VLC for watching movie content, so far as I know, they're pretty much secure.

db

Posted by: David Bradley | November 6, 2007 3:10 AM

Brian, the link you posted for the stand-alone QuickTime installer
(http://www.apple.com/au/quicktime/download/standalone.html)

tried to install Version 7.1. The site I found starting at apple.com gave me 7.3.

Posted by: Will | November 6, 2007 9:14 AM

Brian,

The link to the stand-alone QT installer in your article tried to install version 7.1. Following the trail from Apple's home page got me to the 7.3 version.

Posted by: Will | November 6, 2007 9:18 AM

Brian,

The link to the stand-alone QT installer in your article tried to install version 7.1. Following the trail from Apple's home page got me to the 7.3 version.

Posted by: Will | November 6, 2007 9:19 AM

I also got 7.1.3 with the posted link.
I have Apple Software Update installed and when I clicked on that I was given a choice to update Quicktime only or Quicktime plus Itunes. The former got me QT 7.3

Posted by: RP | November 6, 2007 1:23 PM

Corporate policy has always dictated NOT to install Quicktime unless absolutely needed.

I would highly recommend the same for home users. The software is bloated and has become a huge security risk. Needlesss to say, it's been on my software blacklist for some time. Windows Media Player 11 and Flash Player have done nicely for me for quite a while.

If you really don't need it, ditch Quicktime!

Posted by: TJ | November 6, 2007 3:48 PM

>>For Windows users who don't have iTunes installed and don't want it, this link should work for a QuickTime standalone installer.

Or this link:
http://www.apple.com/support/downloads/quicktime73forwindows.html

@TJ:
>>Corporate policy has always dictated NOT to install Quicktime unless absolutely needed.

I humbly concur. Now if only corporate policy had dictated NOT to install Windows Media Player (to say nothing of Outlook Express and Internet Explorer) unless absolutely needed, we'd be getting somewhere.

Posted by: Mark Odell | November 6, 2007 6:41 PM

I downloaded Quicktime 7.3 and my sound device became disabled and I had no sound! I did a system retore to a previous date and my sound was back! Has anyone else out there experienced this problem?

Posted by: Steve | November 8, 2007 7:41 AM

Good site! I'll stay reading! Keep improving!

Posted by: George | November 10, 2007 9:13 AM

Good site! I'll stay reading! Keep improving!

Posted by: George | November 10, 2007 10:17 AM

My computer tried to download this hefty update and crapped out on me--froze up during the download, so I truncated it. After reading the comments here, I will not be allowing the update unless absolutely necessary.

Why do these programs always have such bloated code? It's as alloying as he**!

Posted by: ScrivenScript | November 12, 2007 9:55 AM

To Steve back at 8 November:

I too had some Windows sound functions disappear after updating to QT 7.3. Although I got sound via my media players and the sound setup control panel, things like Windows startup and shutdown sounds were gone.

Retrograding to 7.2 fixed the problem, although that's not necessarily an easy thing to do. The QuickTime installer is a nasty piece of work.

Posted by: Harron | November 28, 2007 4:49 PM

The comments to this entry are closed.

 
 

©  The Washington Post Company