Welcome | Sign In
CRMBuyer.com
Security Updates

QuickTime Flaws Torment Apple for Seventh Time This Year

Print Version
E-Mail Article
Reprints
QuickTime Flaws Torment Apple for Seventh Time This Year

By Walaika Haskins
MacNewsWorld
Part of the ECT News Network
11/06/07 2:44 PM PT

For the seventh time this year, Apple has distributed a new set of patches for its QuickTime movie player -- both the Mac and PC versions. Unpatched versions of the utility could open the user up to a malware attack, the Mac maker said. The number of patches Apple has issued for QuickTime are unusually high for Apple, according to Mike Haro, senior security consultant at Sophos.


Apple (Nasdaq: AAPL) released another version of its QuickTime digital media player Monday. The latest edition of the application corrects seven potentially harmful security vulnerabilities discovered in previous versions of the software, QuickTime 7.2 and earlier.

Users of Windows XP and Windows Vista as well as users of Mac OS X v10.3.9, Mac OS X v10.4.9 or later and Mac OS X v10.5 should download and install the QuickTime 7.3 update, according to Apple.

This is the seventh update Apple has released for QuickTime in 2007. Just one month ago, Apple released a fix for a critical flaw in the Windows version of the media player.

Pair of Sevens

The number of patches Apple has issued for QuickTime are unusually high for the Mac maker, Mike Haro, senior security consultant at Sophos, said. However, he cannot say whether the difficulties Apple is having with QuickTime are a consequence of its cross-platform use in both Macs and PCs.

"It is unclear to me as to why there are an unusual amount of patches for this vulnerability," he told MacNewsWorld. "It appears as if they are applying different patches to newly realized ways that this vulnerability can be exploited.

"But [cross-platform applications such as QuickTime and Safari] do represent enough of a target that hackers could see a reason to focus on infecting those users," Haro added.

Seventh Time's the Charm?

Six of the vulnerabilities could permit an attacker to install malware on a user's computer -- Mac or PC. Attackers exploit the flaw by enticing users to open a maliciously crafted movie or image file, according to Apple.

The seventh security bug deals with QuickTime for Java. These "multiple vulnerabilities" may enable "untrusted Java applets" elevated privileges. This could open the door for unauthorized access to sensitive personal information.

The vulnerabilities highlight the need for both Mac and PC owners to make sure that they have the latest patches.

"[Users need to] patch, patch, patch," Natalie Lambert, a Forrester Research analyst, told MacNewsWorld.

Repeated fixes aside, Haro said, Apple deserves a pat on the back for continuing to try and resolve this problem.

"Apple should be applauded for staying on top of the problem," he stated.

Print Version E-Mail Article Reprints More by Walaika Haskins

Talkback: Be the first to comment on this story.

More by Walaika Haskins

ZeeVee's Zinc Browser Gets Web TV Right
April 29, 2009
The Zinc Browser from ZeeVee updates the old Zviewer with tighter navigation and better catalog options. The finished application offers a great way to find TV shows and movies anywhere on the Web, regardless of whether they're hosted by Hulu, CBS, Netflix, Amazon's on-demand service or others. 		Game Sales Sputter, 'GTA' Fails to Steal the Show
April 23, 2009
It may appear as though the video game industry is beginning to join the economy at large in its slump, as March numbers from NPD were less than encouraging. However, a year-over-year perspective is difficult due to the timing of game releases and holidays. Meanwhile, Take-Two hasn't seen much success in introducing its violent "GTA" series to the Nintendo DS. 		Can Microsoft Win the Online Game?
April 16, 2009
Now that the major video game consoles have been on the market for two and a half years -- or more -- hardware sales have slowed considerably. Online services, however, still have room to grow. InStat says subscriber bases will take off in the coming years, and Microsoft's Xbox platform may come out the big winner.
Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]
Shortcuts
> Get Business and Technology News Alerts
> Most Popular | Spotlight Features | Exclusives
> This Week on ECT News Network | Podcasts
> Inside CRM Buyer
CRM Buyer
E-Commerce Times
TechNewsWorld
LinuxInsider
MacNewsWorld
Today's CRM Buyer Sponsors
Vertical Response Email Marketing!
Sign up for your Free Trial today and send 100 emails on us!
Complimentary Webinar
How Much is 'Free' Costing You? DaveRamsey.com’s 567% ROI with Enterprise Analytics
Avaya Aura™
Save up to 40% on calling costs with Avaya Aura™
Trend Micro Smart Protection Network(TM)
Lower your content security management costs by up to 40%.
ECT News Network Information
Reader Services
Corporate
ECT News Network
Terms of Service | Privacy Policy | How To Advertise
Copyright 1998-2009 ECT News Network, Inc. All Rights Reserved.