Network News

X My Profile
View More Activity

New QuickTime Version Plugs 7 Security Holes

Apple on Monday released another iteration of its QuickTime media player that fixes at least seven security vulnerabilities in previous versions of the software. The flaws are present in earlier versions of QuickTime for Mac, Windows XP and Windows Vista.

Six out of seven of the security holes fixed by the new QuickTime version -- 7.3 -- are the kind that attackers or nasty Web sites could use to install unwanted software just by convincing a QuickTime user to view a specially crafted image or movie file.

Mac users can grab the latest QuickTime updates through the built-in Software Update feature. Windows users should be able to fetch the patched version via the Apple Software Update program that comes bundled with iTunes and QuickTime. For Windows users who don't have iTunes installed and don't want it, this link should work for a QuickTime standalone installer.

By Brian Krebs  |  November 5, 2007; 5:40 PM ET
Categories:  New Patches  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Deconstructing the Fake FTC E-mail Virus Attack
Next: Salesforce.com Acknowledges Data Loss

Comments

Get ready to delete icons you don't want!!!

Posted by: josef | November 5, 2007 7:23 PM | Report abuse

Get ready to delete icons you don't want!!!

Posted by: josef | November 5, 2007 7:46 PM | Report abuse

More icons to delete. Get off the desktop, QuickTime! Do not even think about putting yourself in my QuickLaunch. QuickTime, bad dog!!

Posted by: Josef | November 5, 2007 8:03 PM | Report abuse

More icons to delete. Get off the desktop, QuickTime! Do not even think about putting yourself in my QuickLaunch. QuickTime, bad dog!!

Posted by: Josef | November 5, 2007 8:24 PM | Report abuse

More icons to delete. Get off the desktop, QuickTime! Do not even think about putting yourself in my QuickLaunch. QuickTime, bad dog!!

Posted by: Josef | November 5, 2007 8:59 PM | Report abuse

Late on Nov 5 EST, I tried the link you provided for the standalone installer, which claims to serve Version 7.3, but it actually served me a copy of the long outdated Version 7.1.3.

The following somewhat similar page proved to serve 7.3, which I installed without difficulty:

http://www.apple.com/au/quicktime/download/

Posted by: Ted Molczan | November 6, 2007 12:00 AM | Report abuse

Late on Nov 5 EST, I tried the link you provided for the standalone installer, which claims to serve Version 7.3, but it actually served me a copy of the long outdated Version 7.1.3.

The following somewhat similar page proved to serve 7.3, which I installed without difficulty:

http://www.apple.com/au/quicktime/download/

Posted by: Ted Molczan | November 6, 2007 12:01 AM | Report abuse

Late on Nov 5 EST, I tried the link you provided for the standalone installer, which claims to serve Version 7.3, but it actually served me a copy of the long outdated Version 7.1.3.

The following somewhat similar page proved to serve 7.3, which I installed without difficulty:

http://www.apple.com/au/quicktime/download/

Posted by: Ted Molczan | November 6, 2007 12:01 AM | Report abuse

More security issues with QuickTime? What a surprise, personally I use either Media Player Classic or VLC for watching movie content, so far as I know, they're pretty much secure.

db

Posted by: David Bradley | November 6, 2007 3:10 AM | Report abuse

More security issues with QuickTime? What a surprise, personally I use either Media Player Classic or VLC for watching movie content, so far as I know, they're pretty much secure.

db

Posted by: David Bradley | November 6, 2007 3:10 AM | Report abuse

Brian, the link you posted for the stand-alone QuickTime installer
(http://www.apple.com/au/quicktime/download/standalone.html)

tried to install Version 7.1. The site I found starting at apple.com gave me 7.3.

Posted by: Will | November 6, 2007 9:14 AM | Report abuse

Brian,

The link to the stand-alone QT installer in your article tried to install version 7.1. Following the trail from Apple's home page got me to the 7.3 version.

Posted by: Will | November 6, 2007 9:18 AM | Report abuse

Brian,

The link to the stand-alone QT installer in your article tried to install version 7.1. Following the trail from Apple's home page got me to the 7.3 version.

Posted by: Will | November 6, 2007 9:19 AM | Report abuse

I also got 7.1.3 with the posted link.
I have Apple Software Update installed and when I clicked on that I was given a choice to update Quicktime only or Quicktime plus Itunes. The former got me QT 7.3

Posted by: RP | November 6, 2007 1:23 PM | Report abuse

Corporate policy has always dictated NOT to install Quicktime unless absolutely needed.

I would highly recommend the same for home users. The software is bloated and has become a huge security risk. Needlesss to say, it's been on my software blacklist for some time. Windows Media Player 11 and Flash Player have done nicely for me for quite a while.

If you really don't need it, ditch Quicktime!

Posted by: TJ | November 6, 2007 3:48 PM | Report abuse

>>For Windows users who don't have iTunes installed and don't want it, this link should work for a QuickTime standalone installer.

Or this link:
http://www.apple.com/support/downloads/quicktime73forwindows.html

@TJ:
>>Corporate policy has always dictated NOT to install Quicktime unless absolutely needed.

I humbly concur. Now if only corporate policy had dictated NOT to install Windows Media Player (to say nothing of Outlook Express and Internet Explorer) unless absolutely needed, we'd be getting somewhere.

Posted by: Mark Odell | November 6, 2007 6:41 PM | Report abuse

I downloaded Quicktime 7.3 and my sound device became disabled and I had no sound! I did a system retore to a previous date and my sound was back! Has anyone else out there experienced this problem?

Posted by: Steve | November 8, 2007 7:41 AM | Report abuse

Good site! I'll stay reading! Keep improving!

Posted by: George | November 10, 2007 9:13 AM | Report abuse

Good site! I'll stay reading! Keep improving!

Posted by: George | November 10, 2007 10:17 AM | Report abuse

My computer tried to download this hefty update and crapped out on me--froze up during the download, so I truncated it. After reading the comments here, I will not be allowing the update unless absolutely necessary.

Why do these programs always have such bloated code? It's as alloying as he**!

Posted by: ScrivenScript | November 12, 2007 9:55 AM | Report abuse

To Steve back at 8 November:

I too had some Windows sound functions disappear after updating to QT 7.3. Although I got sound via my media players and the sound setup control panel, things like Windows startup and shutdown sounds were gone.

Retrograding to 7.2 fixed the problem, although that's not necessarily an easy thing to do. The QuickTime installer is a nasty piece of work.

Posted by: Harron | November 28, 2007 4:49 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company